Some Chinese crypto mining pools have been soliciting miners with low fees but later raised the rates up to 5% even 10%, said Mao Shixing, founder of world’s third-largest bitcoin mining pool F2Pool, in a weibo post.

He continued to point out that these malicious mining pools then use their hashrate to attack other pools via block withholding attack, which has been more and more rampant over these years.

“It is ridiculous that the entire network’s hashrate (estimated according to the mining difficulty) of a mainstream cryptocurrency and all the mining pools’ hashrate differ by one quarter. That means, a quarter of the hashrate is used for block withholding attack against competing mining pools.”

Regarding this, Poolin cofounder Zhu Fa commented that ASIC miners do not have this problem, and he guessed Ethereum might be the aforementioned coin.

What is block withholding attack

Block withholding means a miner finds a new block but chooses to not broadcast it to the network. There are two types of blockchain withholding attacks. One, known as the Finney Attack, aims for financial gains when a double spend occurs; the second is to cause financial harm to a pool operator, as Mao said.

The reason for this is that many pools (including F2Pool) adopt PPS payment method. In this mode, the daily income of a pool is pre-estimated based on the hashrate of the pool, and miners get the estimated income according to the share they contributed. This means, miners connected to the pool could have a steady income every day, regardless of how much they actually mine. Therefore, in a PPS payout pool, miners would get paid normally for their mining, the consequence of a block withhold attack would be a straight loss to the pool operator.

Take bitcoin for example, if F2Pool suffers a block withholding attack in one day, as there’s 12.5 BTC in a new block, the pool will lose $100,000 (calculated based on the bitcoin price at $8000). Currently F2Pool accounts for about 10% hashrate of the whole network, and the theoretical output of the network is 1,800 BTC per day, so F2Pool could generate 180 blocks one day, that is a gain of $18 million (180 blocks * 12.5 BTC/block * $8,000/BTC), and F2Pool could earn about $45,000 per day calculated by its 2.5% fee rate. The cost is large to the pool.

Nothing they can do about it

This attack is typically undetectable as it just appears to be unlucky for the pool. An attacker can use a large number of distinct user names so it wouldn’t appear suspicious that no blocks had been solved.

Every pool is actually vulnerable to the threat, and there’s little they can do about it, according to Mao. Such attacks remained rare and generally insignificant in the past, but Mao noticed that it has been rampant these days. Malicious mining pools first solicit miners via low fees and then use their hashrate to launch block withholding attacks on their competitors.

“In this way, the attacker may force small pools or newcomers out of the game, get miners to desert these pools and thus control most of the hashrate, which could even result in 51% attack. That would be very scary.” Mao added.