Get the best data-driven crypto insights and analysis every week:
Monero’s Stress Test & The Risks to PoW Security
By: Tanay Ved
Thanks for reading Coin Metrics' State of the Network! Subscribe for free to receive new posts and support my work.
Key Takeaways:
Qubic briefly claimed majority control of Monero’s hashrate, triggering a shallow six-block reorganization of the ledger.
Monero’s RandomX algorithm broadened mining access through CPUs, but its lower hashrate left it vulnerable to concentration, enabling Qubic’s incentives to gain outsized influence.
The episode shows how smaller PoW networks with thinner security budgets and concentrated mining power can be more exposed to disruptions in consensus.
Introduction
Earlier this month, Monero faced a major network security incident. A Layer-1 blockchain called Qubic claimed control of over half Monero’s hashrate, allowing it to briefly rewrite part of the network’s transaction history. The episode demonstrated how smaller Proof-of-Work (PoW) blockchains can be more exposed to disruptions in consensus, raising questions about mining concentration and long-term security. While the incident was framed as a “stress-test” rather than a real double-spend attack, it shed light on the importance of distributed mining power and sustainable incentives for miners to secure PoW networks.
In this issue of State of the Network, we use the Monero episode as a case study to explore the risks tied to PoW security. We explain what constitutes a 51% attack and chain reorg, revisit past incidents on networks such as Ethereum Classic, and consider what this reveals about the vulnerabilities that smaller PoW chains can be exposed to.
Qubic’s Entrance, Monero’s Stress Test
On August 12th, Qubic claimed it had briefly captured a majority of Monero’s hashrate. In Proof-of-Work (PoW) networks, this type of event is often described as a “51% attack”, which occurs when a single actor or group of coordinated entities controls more than half (>50%) of a network's mining power. This majority control allows attackers to manipulate the network’s consensus, allowing them to re-organize blocks (“reorg”), censor transactions and attempt double spends, undermining trust in the network.
Like Bitcoin, Monero relies on miners to secure the network through PoW consensus, where participants expend computational power to propose and validate new blocks. But unlike Bitcoin, which uses specialized ASIC hardware optimized for its SHA-256 mining algorithm, Monero employs RandomX, an algorithm designed to run on general-purpose CPUs. While this lowers the barriers to mining, it also means Monero’s hashrate is far lower than Bitcoin’s (5.5 GH/s vs. 930 EH/s), leaving the network more vulnerable to concentration.
Source: Coin Metrics Network Data Pro
Qubic’s presence on Monero grew substantially since May. Through its “Useful Proof-of-Work” (UPoW) model, Qubic attracted miners to direct CPU resources toward Monero mining. Instead of rewarding miners directly with Monero’s native token XMR, Qubic sold the mined coins on the market, using proceeds to buy back and burn its own tokens. These higher rewards drew significant hashrate toward Qubic, boosting their mining profitability while heightening fears around network centralization.
Source: Coin Metrics Reference Rates
This culminated in a shallow six-block reorganization of the Monero ledger, with Qubic mining blocks faster than the rest of the network. While a small portion of history was briefly rewritten, researchers analyzing the incident found no proof of a 51% attack, but rather a demonstration of how concentrated incentives can temporarily tilt mining rewards.
Ethereum Classic Re-org (2020)
This incident isn’t isolated to Monero alone, as other networks like Bitcoin Gold (2019), Ethereum Classic (2019, 2020) and Bitcoin SV (2021) have faced similar events. One of the more severe occurred in August 2020, when Ethereum Classic went through a deep reorganization after a major mining pool went offline. An attacker privately mined a longer chain and then broadcast it to the network, replacing over 4,000 blocks and re-organizing thousands of prior transactions.
This is visible in block level data on Ethereum Classic between blocks10904147 and 10907761. The chart above reflects each block’s consensus size (in bytes), and the number of transactions in the block. During the attack, we see long stretches of red points where consensus size drops to zero, meaning those blocks were orphaned when the competing chain took over. The blue points mark the main chain that ultimately prevailed, with the attacker’s chain reorganizing thousands of prior blocks.
Hashrate Distribution & Miner Economics
These episodes show how the security of PoW networks depends on both the distribution of hashrate and the sustainability of miner incentives. Smaller PoW networks like Monero often operate with a much lower hashrate than Bitcoin, reflecting differences in mining hardware and overall scale. With less total power securing the chain, it takes fewer resources for a single pool or coordinated actor to reach majority control, leaving these networks more susceptible to disruptions in consensus.
Source: Coin Metrics Network Data Pro
As Qubic’s incident showed, hashrate can centralize around superior incentives. Miners need to be sustainably compensated to continue securing the network. Block rewards on Monero have declined steadily under its disinflationary schedule, with the network currently issuing ~430 XMR (around $120K at today’s prices) per day. Transaction fees add only a small supplement, currently ~9–10 XMR daily. This creates conditions where alternate incentive schemes, like Qubic’s uPoW model, can attract enough mining power to temporarily tip the balance of the network.
The chart below puts this dynamic into a broader context, showing hashprice (the revenue a miner earns per unit of hashrate, i.e. per hash per second per day) against average daily miner revenue across major PoW networks. Bitcoin sits in a class of its own, while mid-sized chains such as Monero, Litecoin, and ZCash cluster with thinner security budgets.
Source: Coin Metrics Network Data Pro
By contrast, Bitcoin’s much larger revenue base helps sustain both the distribution of ASIC hardware and the diversification of mining pools. While questions remain around transaction fee dynamics and pool concentration, the scale of Bitcoin’s hashrate and capital requirements makes coordinated attacks far more costly.
This is reinforced in research such as Breaking BFT, which finds that a 51% attack on Bitcoin is economically infeasible given the scale of capital investment in ASIC hardware and the electricity costs required to sustain such an attack.
Source: Coin Metrics Network Data Pro
Conclusion
Monero’s incident with Qubic was not a full-fledged 51% attack, but it served as a stress test for proof-of-work security. It shows how miner incentives, and concentrated mining power can leave smaller PoW blockchains exposed to disruptions in consensus, ultimately risking trust in the network. Past episodes on networks like Ethereum Classic show that these risks are not hypothetical, but recurring challenges.
Bitcoin’s scale remains a key differentiator, with the barriers to attack being far greater than on smaller networks. But questions over its long-term security model remain, particularly as block rewards continue to decline and transaction fees become a more important part of the security budget. Ultimately, the Qubic episode underscores that PoW security rests on both sustainable incentives and broad distribution of hashrate, and that incidents like these can be catalysts for networks to strengthen their resilience.
Coin Metrics Updates
This week’s updates from the Coin Metrics team:
Follow Coin Metrics’ State of the Market newsletter which contextualizes the week’s crypto market movements with concise commentary, rich visuals, and timely data.
As always, if you have any feedback or requests please let us know here.
Subscribe and Past Issues
Coin Metrics’ State of the Network, is an unbiased, weekly view of the crypto market informed by our own network (on-chain) and market data.
If you'd like to get State of the Network in your inbox, please subscribe here. You can see previous issues of State of the Network here.
