One of the most fascinating discoveries I made during my Ph.D. studies was a structural demonstration of the inherent weaknesses in the Block Withholding (BWH) attack, a strategy once proposed as a Sybil control mechanism in Proof-of-Work (PoW) systems like Bitcoin and Ethereum (at that time).

To understand the BWH attack, let’s first look into how PoW mining pools operate. Many people know in rough terms that, in PoW, the main task is to find a nonce that produces a sufficiently small hash value. We do this by repeatedly hashing an enormous range of numbers—commonly referred to as “mining.” Statistically, we will eventually find one that meets the network’s criteria. Here’s the first challenge: when PoW difficulty is high, a personal computer or even a single server stands little chance on its own.

How did humans conquer Earth? It’s not because we’re physically stronger than other animals; it’s because we cooperate in groups. Similarly, to overcome high PoW difficulty, miners form “mining pools.” Imagine you’re a pool manager with many worker miners. Only a fraction of workers will find the right nonce for the network’s PoW (let’s call it the “full PoW,” or fPoW). This leads to another problem: how to measure each miner’s contribution when most miners never submit a valid fPoW solution.

The solution is to give miners an easier puzzle—one that produces a hash above the strict network threshold. We call these partial PoW solutions (pPoW). Submitting pPoW solutions demonstrates a miner’s work and justifies a share of the reward, even if they haven’t found an fPoW solution.

The BWH attack exploits this structure. What if a miner submits only pPoW solutions but deliberately withholds a valid fPoW solution? The miner (or an infiltrator from another pool) still collects rewards from pPoW shares without benefiting the target pool with the actual block. At first glance, this can be considered as sabotage which is not attractive alone. We can make it profitable. If one mining pool infiltrates another with a portion of its mining power and withholds the fPoW while continuing to submit pPoW, it can increase the infiltrating pool’s overall revenue. However, Ittay Eyal who proposed the BWH attack analyzed this attack as a dilemma-generating strategy, partly because pools could retaliate by launching the same attack back.

Later, this evolved into the Fork After Withholding (FAW) attack, an approach that effectively removes the dilemma by allowing larger pools to maintain most of the benefits without incurring mutual harm. In short, FAW improved on BWH by finding a way to publish the withheld block at the right moment, ensuring the attacker still gains from the network reward. This raised a critical question for me: If BWH (and its FAW variant) can be profitable, why don’t we see it happening on a large scale in practice?

To answer this, I looked into the structural vulnerabilities of mining pools that execute BWH attacks. My key insight was identifying a weak link: BWH attackers rely on miners’ ability to deceive the target pool, but this same deception can backfire on the attacking pool itself. In other words, miners within the attacking pool can also betray the attacker for personal gain. I pinpointed one specific betrayal strategy and named it Block Double-Submission (BDS). In this attack, the infiltration miners in the BWH attacker pool reports they withhold fPoW to the victim mining pool. And the infiltration miners sell fPoW to the victim mining pool. Therefore, the infiltration miners who betrayed their attacking pool gets reward from two mining pools with their fPoW.

To validate this idea, I examined two aspects:

  • Whether betrayal (BDS) is a dominant strategy.
  • How large the gains from such behavior can be.

Using a game-theoretic framework, I showed that miners’ betrayal is a Nash equilibrium in which all miners execute BDS without falling into a dilemma. Moreover, my quantitative analysis indicated that miners performing BDS could see up to double the profits, compared to the modest 5–6% gains from a BWH attack alone.

In conclusion, my study provided theoretical evidence that the structural vulnerabilities in BWH attacks make them largely infeasible in real-world scenarios. Once rational miners recognize the potential for BDS, the very mechanism that enables BWH can be turned against the attacker. Thus, these strategies are unlikely to succeed on a broad scale—and that, in my view, helps explain why large-scale BWH or FAW attacks have not become a common reality.