You might have heard some people talking about Bitcoin mining being “centralized”. Today we’ll explore what people mean by that, what kind danger that poses to the network, and whether your coins are safe.

What is Bitcoin mining?

Mining is a lottery process by which anyone in the world, without asking for permission, gets the ability to write transactions into the Bitcoin ledger. This is called mining a block. The new ledger entries are then distributed to all other Bitcoin network participants in the form of a block, and verified for following the rules.

The tickets to this lottery are purchased by expending electricity (money) by performing hashing, which is the process of taking data, running some code on it, and getting a short scrambled bunch of numbers and letters. You’re looking for a specific pattern that is impossible to predict ahead of time, so you keep hashing until you get the right thing. If you get the right pattern, you’ve won the lottery for the next block!

The more electricity you spend, the more tickets you’re buying, and the more likely you are to win the next block. The proportion of the lottery tickets you own at any one time is called your hashrate (hashes per second), which directly to translates to kilowatt hours, which you pay for with money.

Miners are incentivized economically, but not required, to commit to the ledger the transactions that everyone wants to send at the point in time when the block is found. When you write to the ledger, you’re also allowed a special transaction to yourself (called the coinbase transaction) that pays you a block reward (12.5BTC today, which gets cut in half every 4 years). This is how you get paid back for spending your energy/money.

If I have 51% of the hashrate, what happens?

When you own just over 50% of the hashrate, you can dominate the writes into the ledger because you can over time produce a longer chain than the other less than 50% hashrate combined. This means you can rewrite history by mining a longer (cumulative proof of work) chain of your own choosing and broadcasting your chain at a later date, causing all nodes to think that you have the true valid chain!

Can I write anything I want into the ledger?

No. You can only write valid Bitcoin transactions. Since the block you produced will be verified by all other nodes, violating any of the rules of the Bitcoin network will cause your block to be rejected, and thus all the money you just spent buying lottery tickets is burned and irrecoverable.

Even if you controlled 100% of the mining on the network, here are some of the the things you would not be able do:

You cannot move or spend coins that are not yours (steal).

You cannot create new coins out of thin air (inflate).

You cannot mine coins faster than the algorithm will allow (one block on average every 10 minutes)

You cannot do anything that is considered invalid by the Bitcoin protocol such as produce blocks that are too large, incorrectly formatted, etc.

Doing any of these things would cause the blocks you produced to be rejected by any full node on the network. Examples of non-mining full nodes would be those run by exchanges, merchants, wallet providers, or anyone who wants to verify transactions they receive. These attacks only work if the people taking your blocks are not verifying their contents. This incidentally is why non-mining full nodes matter. A lot.

Here are the things you can do with a majority of the hashrate:

You can stop certain (or all) transactions from flowing into the ledger, meaning you can cause the blockchain to “stop working”

You can, given enough money, roll back and rewrite the history of the ledger. Using this you can perform a “double spend” attack by spending some Bitcoins to, for example, buy a house, then rolling back history as if that spend never happened.

In practice, these attacks are extremely costly to perform and yield you very little, though we should not discount the possibility that a malicious actor (e.g. a state) could perform them in the future, if their motive is the disruption of the network rather than profit.

As for the censorship attack, this is probably the hardest one to block. A truly malicious actor that was willing to spend enough money/energy as the full network could stop the chain from propagating transactions. However, the network would likely fork to a new PoW algorithm at that point, rendering the attacker’s hardware instantly useless. They would have expended tremendous resources (as much energy as some major countries) performing an attack that would last a little bit, and then be squashed. We’re talking hundreds of millions of dollars for an attack that amounts to at most a little bit of FUD and does nothing of significance to the network in the long run.

The double-spend attack has been performed in practice on chains with bugs or low hashpower. It is extremely costly to perform on Bitcoin, and if you were successful in doing this, in practice whoever gave you the goods in exchange for your Bitcoin would come after you. It’s extremely difficult to buy expensive things like houses/cars anonymously. The best form of this attack is to transfer BTC to an exchange, exchange it for something else, and then roll back the BTC spend. But again, you have to do all of this without any trace of who you are on the exchange. The economics of performing such an attack are not in your favor.

So is mining centralized or not?

Well, part of the point of this article is that it doesn’t matter as much as you think. Also, it’s really hard to tell. Sure, only a few mining pools control the majority of the hashrate, but those are pools made up of individual miners who can switch away from the pool.

You can see the mining pool distribution here. Slushpool controls 10% of the hash rate, but if you look at Slushpool’s stats page you’ll note that they show 16k individual miners contributing to that hash rate. Could Slushpool start acting maliciously? Yes, but then miners will go elsewhere. There is in fact precedent, when in 2014 the ghash.io mining pool approached 51% hash rate and miners left in order to avoid centralization.

There is also the promising BetterHash proposal which will allow individual miners more control over the transactions they’re mining, thus stripping pools of some of their centralized characteristics.

To sum it up, your coins are safe, even from a centralized mining cartel, as long as full nodes continue to validate transactions on the network.

If you want to learn more about attacks possible with mining centralization, Jimmy Song did an in depth dive.