The whole point of restricting the block size was to ensure space in the blockchain was scarce to drive the price of fees up, better securing the network. Well, that and keeping the blockchain total size small enough to be processed on an regular user's PC for decentralization sake. While a loss of some decentralization is non-ideal,
increasing the block size dynamically, similarly to how difficulty is handled, would be a reasonable compromise to ensure the security of the network long term.
lagniappe · 8h ago
Monero does dynamic block size. It works fine. There is a penalty for large swings in size and that controls the fee which allows the fee to be appropriate during swells and luls in volume.
beeflet · 7h ago
Something I would like to see from the cryptocurrency space is some way for the block size to fluctuate with daily and weekly transaction volume. For example, you would expect that the transaction volume would be greater when it is daytime on the east coast, so the blocksize should adapt to those temporal changes as well.
If there is a certain latentcy/bandwidth/storage/decentralization tradeoff with block sizes, then we ought to design cryptocurrencies to make the most of this tradeoff with respect to predictable low/high demand.
slwvx · 7h ago
Ethereum changes the cost to use the network based on recent block sizes, and allows the block size to go up during high demand. So it's cheaper to use the network when blocks are less full, and more expensive if blocks are mostly full. I'm behind on the current parameters, but they're essentially doing what you ask for:
Bitcoin: lets make it so a medium grade computer and internet connection by 2008’s midrange standards works. Forever.
Solana: let’s make it so that enthusiast grade computers and internet connectivity by 2024’s high range standard works. Sometimes. But keep pushing.
msgodel · 7h ago
Is solana even decentralized? I thought it was like ripple. I haven't been paying too much attention though.
yieldcrv · 6h ago
There are unaffiliated nodes, you can run your own validator and stake independently.
This decentralizes transaction processing and arbitrary code execution.
Client upgrades and hard forks are largely centralized. This isn’t one and the same with the transaction processing nodes compared to bitcoin.
Saying centralized without context is reductive and doesn’t tell much though. I would like all aspects less centralized though.
coolKid721 · 8h ago
Lol total garbage people have been whining about the blocks regularly being EMPTY now, a huge % of transactions just occur off chain on exchanges/lightning/etc. There are no 100 dollar fees you can basically do everything for basically free.
https://mempool.space/
look, you can see how many blocks aren't filled lol. This piece is literally just garbage. Big blockers are scam artists.
FabHK · 7h ago
The 100$ fee per transaction is what it would cost to sustain current miner revenue without mining reward (ie. mining revenue derived somewhat invisibly from money supply increase).
The piece is not garbage, but a thoughtful introduction to a problem that's approaching inexorably.
greyface- · 2h ago
> sustain current miner revenue
Why should this be the goal?
I'm sure miners would love to see their revenue never decrease, but this isn't a problem for users or for the security of the network. Block reward does not need to remain at or above current levels forever; it just needs to remain predictable from block to block. Difficulty adjustment works both up and down, even if we've only seen it go up so far. The 51% risk is overblown - the network is significantly overprotected right now, and we could stand to lose a few orders of magnitude without jeopardizing security/availability. Plus, it might even placate the energy consumption doomsayers.
As GP notes, empty blocks are now common, which is in fact a bigger risk in a low-subsidy environment. Maybe we should instead reduce minrelaytxfee to 0.1 sat/vB to incentivize full blocks.
beeflet · 7h ago
On the lightning network, fees are distributed to rent-seeking intermediaries instead of miners, yet the network is still dependent on the security from the miners. The lightning network is parasitic to bitcoin.
Blocks are empty because people decided that bitcoin was not a feasible means of transaction nearly a decade ago during the blocksize war.
derangedHorse · 4h ago
If you think peers on the Lightning network are “rent-seeking” intermediaries then you don’t understand what Lightning is. Peers allow us to circumvent the need for every counterparty to make a channel with one another and allow us to maintain privacy via onion routing. There’s no rent seeking here. Nodes pay fees to one another because these benefits come at the cost of liquidity for participating routing nodes.
Tokumei-no-hito · 8h ago
fair challenge to their proposed solution, but it doesn't negate the security premise does it? what do you think is a good alternative?
big_toast · 9h ago
This page's design is great and what I thought tufte-ian journalism would have led to. Using the presentation of quasi-mathematical facts in relatively grokkable formats to explain the state of the world in a way that can update itself several months or years later.
Specifically some of the political discussions lately feel like they could use better dashboards. The call to action at the end of this article with three main solutions called out now has some context in several dimensions (time, space, monetary).
The doge.gov website for instance would've been a prime candidate for that, like some sort of observablehq.com ability slice and dice a data dashboard. But then you also have to be able to trust the data I suppose.
I think the budget day article does a good job contextualizing all its data and guides you through it intuitively. It's more like an essay that has the dashboard woven into it. In 4 months if the fees change or BTC price changes etc. the article is still relatively up to date.
So I think that project2025 website maybe does the dashboard thing that never really took off. There's lots of open data or government data sites that have dashboards but seem like they became data portals. They never became a broad format for explanation or persuasion.
A standard dashboard might be better than nothing. But the tufte-ian dashboard seems like it would have more affordances like this budget day does.
Tokumei-no-hito · 7h ago
it would be great if each tracked event was linked to a section of the project 2025 language. as it stands, to someone unfamiliar, it is just a list of initiatives the trump admin has completed.
xinayder · 1h ago
I like that no one brings up the question that Bitcoin is not really decentralized. Most of the Core devs are paid by a company (iirc it was Blockstream but might've changed), and ultimately, the paycheck they receive dictates which direction the most used Bitcoin wallet should go, which dictates the direction of the project as a whole.
There were several attempts of merging important BIPs, which were rejected because some developers thought it wasn't in line with the direction their employer wanted.
paulgb · 8h ago
I've said it before but really feels like a flaw that the halvings are discrete and happen suddenly every four years, instead of gradually each block. As far as I can tell the only advantage to it is that it makes the math simpler. The disadvantage is that it creates weird market dynamics in which large amounts of mining capacity are plunged into unprofitability in one instant. If I wanted to run a 51% attack, I'd look to buy up suddenly-unprofitable capacity immediately after a halving.
fiatjaf · 8h ago
This big block propaganda piece fails to address the most obvious issue with their proposal: that increasing block sizes will just increase fees linearly. No one will pay more in fees per transaction because there will be a lot of space left in blocks, so people will keep paying $0.20 per transaction, which today gets us $400, so now we'll get $800? That if increasing the block size doesn't reduce the base $0.20 to some smaller average.
The actual solution to the security budget is to make a ton of payments in a (blindly) merge-mined sidechain and ensure those transactions there pay lower fees but those lower fees get aggregated into a single high-fee paid on Bitcoin. That is the Drivechain proposal: https://drivechain.xyz/.
beeflet · 7h ago
Yes, but there will be far greater total demand for transactions because the costs will no longer be prohibitive to certain types of commerce (which has network effects).
Drivechain is an idiotic proposal to just give total control of the network to miners. Atomic swaps already enable the same thing, except without a wealth transfer to miners.
osigurdson · 9h ago
According to ChatGPT, Bitcoin market cap is $2T while the cost to carry out a 51% attack is $4B. If correct, it seems a little imbalanced.
olalonde · 9h ago
First, that figure is way off. Marathon alone has a market cap over $4B and controls less than 5% of the total hash rate.
Second, the system only seems vulnerable if you ignore economic incentives. A 51% attack isn't just technically difficult - it's economically irrational. Pulling it off would cost billions, and even then, there's no clear way to profit from it. The only scenario where it makes sense is a non-economic actor (e.g. a hostile government) aiming to disrupt Bitcoin. But even then, that investment could be neutralized by a fork that tweaks the mining algorithm, instantly rendering the attacker's hardware obsolete.
jowea · 8h ago
If we're talking about a fork, couldn't a fork just ignore the attack? The normal miners aren't forced to use the attacker's blocks after all.
olalonde · 7h ago
The problem is that there's no reliable way to identify who mined a given block, so you can't simply have the network "ignore blocks from the attacker." The coinbase transaction may contain identifying info (e.g., pool name) but it's not mandatory nor authenticated.
wmf · 8h ago
It's true that buying 51% hash power would cost far more than $4B. Some people assume that you could rent 51% hash power for a short time (like a day) to do the attack.
osigurdson · 8h ago
According to ChatGPT (bad source I know but can't find it anywhere else), the entire value of the entire mining network is about $6B. What do you think it is?
wmf · 8h ago
Closer to $20B. MARA owns $1B in equipment for example.
osigurdson · 6h ago
I guess all of these arguments have existed since the beginning of Bitcoin (51% attack, miner centralization, supply chain centralization, etc). What we do know is while it theoretically could happen it hasn't happened yet.
daveguy · 7h ago
Why would someone want a random block chain company to own 5% of the possibility of destroying their holdings? What if the company gets co-opted by some nation state actor? Bitcoin really seems like a terrible place to keep wealth.
olalonde · 1h ago
I'm not sure I follow your question. Who is the "someone" you're referring to? And what do you mean by "destroying their holdings"? Even in a 51% attack, an attacker can't alter wallet balances or arbitrarily erase funds.
Also, what alternative "place to keep wealth" is truly immune to a nation-state actor? Cryptocurrency is actually unique in that, with something like a brainwallet, seizure can be made practically impossible.
wmf · 7h ago
If you own 5% of the hash rate you have ~0% ability to attack the network.
daveguy · 7h ago
Yes, but if you're a nation state with dictatorial control over a nation's resources, +5% might be all you need.
derangedHorse · 4h ago
Just for the energy:
Current hash rate is around 995m TH/s[1]. The best off the shelf miner on the market is the S21 which can hash at ~200 TH/s [2]. Assuming all of the hash rate comprised of S21s without operational inefficiency, we would have ~4,975,000 S21s hashing on the network. They also use up about 16.67 J/TH , which is 3334 J for 200TH. This is what’s expended per second.
The average time to mine a block is 10 minutes so let’s convert our J spent per block for one miner
: 33346010 = 2,000,400. With about 4m of these, that’s about 8 trillion joules per block. Now if we divide that by 3.6m to get kWh, we’re back around ~2m kWh per block. Texas is about 15 cents per kWh so we get about $300k spent per block.
To 51% attack, we’d need to spend a little bit more than that. With full competition, and an attempt to mine empty blocks, it would take about $48m to attack the network for a day (144 blocks). And that’s just back of the envelope math.
Realistically, not everyone has the latest and greatest in mining equipment and probably burn more money with less efficient miners.
And all this is on top of the capex required to acquire 4m S21s, which would be around $10B at around $3k a pop.
ChatGPT famously can't do math. A pocket calculator can give you the right answer here
paulgb · 8h ago
That's a dated rule at this point, ChatGPT has been able to use its Python interpreter as a calculator for a while and in my experience will opt to do that for back-of-the-envelope calculations.
SparkyMcUnicorn · 8h ago
Claude deep research estimates that it would cost 20-40b and "vastly exceeds the rational economic gain". Ideological/nation-state motivation would be the only reason to do this.
kortilla · 9h ago
That market cap would quickly collapse if there was a 51% attack.
Majromax · 9h ago
One can take short positions on bitcoin almost as easily as long positions. With enough leverage, a well-connected firm could probably make a low 11-digit bet fairly easily.
cmcaleer · 8h ago
Counterparty risk asks whether you'll collect on that bet.
Also, the firms who take the other side of that bet talk, and you aren't going to be able to get tens of billions of dollars of derivatives without people figuring out what you're doing and acting against you.
gruez · 8h ago
I see your ChatGPT generated argument and raise you my DeepSeek generated rebuttal:
1. The $4B "Cost" Is Fundamentally Misinterpreted:
* It's Not a "Cost" Like Buying an Asset: The $4B figure (if accurate) typically refers to the theoretical short-term cost to rent sufficient hashrate to perform a temporary attack. This does not mean you can "buy" control of Bitcoin for $4B.
* Acquisition Cost vs. Rental Cost: Actually acquiring the hardware (ASICs) and infrastructure (data centers, power contracts) needed to permanently threaten the network would cost orders of magnitude more – potentially tens or even hundreds of billions of dollars – and take years. This hardware market is finite and competitive.
* Sustained Cost Ignored: A meaningful attack requires sustained hashrate dominance for a significant time (days/weeks), not just a single block. The ongoing electricity and operational costs for this would be astronomical, likely exceeding the initial "rental" figure many times over during the attack period.
2. Market Cap Does Not Equal "Cost to Attack":
* Apples vs. Oranges: Comparing market cap (the total value of all coins) to attack cost is invalid. Market cap reflects speculative value based on future utility and scarcity. Attack cost is a technical and operational expenditure.
* You Don't "Steal" the Market Cap: Successfully executing a 51% attack does not grant the attacker control over the $2T in Bitcoin. At best, it allows double-spending their own coins or censoring some transactions temporarily. The vast majority of coins remain secured in wallets the attacker cannot access.
* Attack Destroys Value, Not Captures It: A successful attack would catastrophically undermine confidence in Bitcoin, causing its price (and thus market cap) to collapse rapidly. The attacker would destroy the very value they supposedly spent $4B to "access," making the attack economically irrational unless motivated by non-financial reasons (e.g., state-level sabotage).
3. Game Theory & Miner Incentives Are Ignored:
* Miners are Deeply Invested: Miners have billions invested in hardware, facilities, and operations. Their business model relies on Bitcoin having value. Deliberately attacking the network destroys their investment and future income. Honest mining is vastly more profitable long-term.
* Community Defense: The Bitcoin community would detect an attack in progress. Exchanges, businesses, and node operators would coordinate to reject the attacker's chain via a "hard fork," rendering the attack useless and isolating the attacker's resources. The attacker loses everything.
* Security Scales with Value: Bitcoin's security model is designed so that as the value (and thus reward for attacking) increases, the cost of attacking increases even more due to competition driving up hashrate and hardware costs. The $4B figure is a snapshot; a rising price attracts more miners, pushing attack costs higher.
4. Practical Realities Make It Near-Impossible:
* Hashrate Distribution: Bitcoin's hashrate is geographically distributed across thousands of entities and jurisdictions. Coordinating or coercing enough miners to collude for an attack is logistically and politically infeasible.
* Resource Mobilization: Amassing the physical resources (ASICs, power, data centers) secretly and quickly enough to launch a surprise attack without alerting the network is practically impossible at Bitcoin's scale.
* State Actor? Even if a powerful nation-state attempted this (ignoring cost), the detection risk is high, the economic fallout would be global, and the community fork defense would likely succeed, making it a costly failure.
Conclusion: The comparison between Bitcoin's market cap and a theoretical, misinterpreted attack cost fundamentally misunderstands Bitcoin's security model, economics, and game theory. The $4B figure drastically understates the real-world cost and ignores the catastrophic economic consequences for the attacker. Bitcoin's security lies not in it being impossible to temporarily disrupt, but in the immense, sustained, and economically irrational cost required to mount a meaningful and lasting attack, coupled with the network's robust defenses and stakeholder incentives. The imbalance perceived is an illusion created by comparing two fundamentally different metrics.
osigurdson · 8h ago
I guess in reality you would just pressure the big miners since the top 4 control 80%. Nuts.
olalonde · 7h ago
Where is that figure from? You're probably looking at mining pools, which don't actually own the hardware - individual miners do. A pool is just a service that coordinates many miners to work together and split the rewards. If a pool tried to behave maliciously, miners would simply switch to another pool and the pool would quickly lose its hashrate.
beeflet · 7h ago
The problem isn't pools but manufacturers.
Competitive ASIC miners are manufactured by only a few companies. It's not inconceivable that they could use TC to lock them to specific pools or simply refuse to sell ASICs to the general public.
ozgrakkurt · 7h ago
No one got time to read 15 paragraphs of AI slop
gruez · 6h ago
That's the point. It was written in response to AI slop in the first place. If you had the time to read the first sentence you'd understood that.
Lerc · 7h ago
So the two questions that I cannot see answered there.
How much does the security budget need to be?
When is it projected to drop below that?
The closest they come to addressing that seems to be a quote saying
"We might have only two halvings left before this becomes a serious issue."
So 8 years-ish?
The original intention was to fund the network entirely off fees eventually. I don't think there was a stated expectation of block size, but it was intended to be made larger at some point.
Before coming up with specific solutions to the cost of securing the network I would think that evaluating what the acceptable range of cost/security should be would be the first starting point.
I feel they also neglect a realistic evaluation of the likelihood of a 51% attack. As soon as someone interferes with the network by 51% attack, everybody knows that it has happened. What countermeasures might be deployed?
While a miner confirming a block is like a rubber stamp from an auditor, there is nothing to stop other people from checking their work. If there are shenanigans they can be spotted, if a genuine 51% attack were to happen people would be highly motivated to counter it. That may involve bringing more compute to the network, or even changing the protocol. Ultimately the network is decided by the consensus of the users. Accepting signed blocks is the consensus. Because of the scale required to do a 51% attack on BitCoin it would almost certainly be detectable who was doing it. Under an attack people would be prepared to swiftly agree to some rule to exclude the attacker, the alternative is just two severe. You could think of it as a fork or you could think of the attackers version as the fork. You could have anything from, 'Today we stop accepting blocks from that pool over there', to 'From now until this mess is resolved, Kate confirms all blocks with her private key, We trust Kate, she's nice' The mitigation could be prosaic or fantastic, it doesn't matter, the thing that people agree upon will be the new chain. A fallback proof of work algorithm that requires more generalised hardware would work well. In case of attack, switch back to GPUs and a lower hash rate on a newer algorithm. ASICs become redundant and the network redistributes to whoever is supplying the GPUs. Then to do a 51% attack the attacker must not only have enough to 51% the ASIC hash rate, but have in reserve more GPUs than the rest of the world can bring to bear at short notice to 51% the fallback method.
FabHK · 6h ago
> How much does the security budget need to be?
There's the famous paper "The Economic Limits of Bitcoin and the Blockchain" [0, 1] answering this question. Bottom line: huge.
> Nakamoto’s novel form of trust faces serious economic limits. It is unusually expensive in absolute terms relative to the stakes involved, and its expense scales linearly with the stakes involved. [...] if permissionless consensus in its pure form were to become a more important part of the global economic and financial system than it has been to date, then the costs of securing the trust would become preposterous — more than all of global GDP in some
scenarios.
David Rosenthal has good introductory posts on this [2] in his excellent blog.
How much really has to be measured with respect to a motivated attacker. If no one wants to attack it, it could stay low for a long time. The ideal answer would be to keep the hash rate as high as possible for as long as possible. With the appreciation of the asset, people would think the risk of an attack is growing higher but an attacker can only do so much with 51%.
They can either double spend by reversing the chain (in which case they’d have to accumulate enough bitcoin for to make it worthwhile in the first place) or they can mine empty blocks and prevent any transactions from being processed.
beeflet · 7h ago
>How much does the security budget need to be?
I don't know but I expect it to be proportional to market cap, not getting cut in half forever.
>The original intention was to fund the network entirely off fees eventually.
I think this was a half-baked idea from satoshi. My theory is that the bitcoin distribution was chosen to avoid having to decide on any "arbitrary" emission schedule. Bitcoin basically acts an experiment to determine what level of coinbase reward is safe, through bisection.
>if a genuine 51% attack were to happen people would be highly motivated to counter it. That may involve bringing more compute to the network, or even changing the protocol.
Who? Just bitcoin users in general? There is no group that stands to gain, it's sort of a tragedy of the commons situation.
Bitcoin's security is tied to ASIC hardware. You can't just spin up a couple desktops at home to protect the network anymore.
>A fallback proof of work algorithm that requires more generalised hardware would work well.
I think monero already does this. Look up "RandomX" it is amazing to read about. But the problem is that these CPU-mined coins are even easier to attack because you can easily rent hardware or use a botnet to do a 51% attack. Whereas with bitcoin you need to buy a bunch of ASICs which would be devalued by such an attack.
>Ultimately the network is decided by the consensus of the users. Accepting signed blocks is the consensus.
I was going to write a long response to this, but in a nutshell classical consensus and PoS sucks.
rtkwe · 5h ago
The big issue is the fork and fixing it represents a decision about who has and hasn't gotten paid so the fork is quite sticky for those who's transactions do not appear on the post attack branch to want to stick the the attacked branch. This was relatively easy when they did it in the early days of ETH after the DAO hack but AFAIK there's no on chain mechanism for a similar hard fork to happen to BTC. Even in ETH I'd be surprised if a similar response happened to a similar level of attack, voting power on EIPs was significantly more concentrated back in 2016.
Any way you slice it there's still a centralization of power of when to activate any of these defense mechanisms.
charcircuit · 7h ago
I think switching to something like proof of stake where bad actors can be punished is the best way forward to avoid honest nodes betraying the network.
Trying to maximize mining profit is adversarial with the end users and makes using bitcoin unattractive.
827a · 8h ago
Wow, its almost like deflationary currency isn't a good idea. Who would have thought? Certainly, uh, most economists.
desumeku · 8h ago
This article has nothing to do with the inflationary or deflationary nature of the currency, this is a problem solely caused by the block size limit, which other cryptocurrencies are free from and don't worry about.
beeflet · 7h ago
There are more inflationary emission schedules which are safer, and don't rely so much on transaction fees to subsidize mining. For example, look at the constant tail emission used by dogecoin and monero.
827a · 6h ago
It has everything to do with the deflationary nature of the currency. Its stated so right in their potential solutions:
> Tail emission: stop halvings and allow infinite inflation
The reality that no one wants to talk about is that Bitcoin is screwed and there's no way out of it, because of bad fundamental design.
Increasing block size will only work to solve the problem of Bitcoin's Security Budget if it brings in more usage/transactions; but Bitcoin's adherence to its traditionalist values is what led to the creation of a billion other cryptocurrencies to solve this exact problem, they do solve it, and they experience significantly higher transaction volume as a result. There's no evidence that volume is going to come back to Bitcoin. On the contrary; volume is down on Bitcoin, significantly, the usage these days looks more like 2018/2019. Its not coming back.
It also doesn't help that crypto, in general, is a dying technology.
> Burning dormant coins (e.g., Satoshi’s)
The fact that this is suggested, even as the last possible solution, should scream volumes about where this project and Bitcoin is at. This possibility shouldn't even be on this list. Not only would it do all the things the article says it would do (violate property rights, incite riots); it wouldn't even solve the problem. It would just buy a few years of time.
But as long as the miners have to buy their mining equipment using inflationary US Dollars; they're screwed. The only thing that would keep it going is growth in the usage of the currency, but (1) all growth stops eventually, and (2) even if it didn't, Bitcoin seems designed from day one to inhibit its own growth, because it was designed by an idiot crypto-maxy anarchist teenager who made the predictable software engineer mistake of thinking skill in compsci makes you skilled at everything.
If there is a certain latentcy/bandwidth/storage/decentralization tradeoff with block sizes, then we ought to design cryptocurrencies to make the most of this tradeoff with respect to predictable low/high demand.
https://eips.ethereum.org/EIPS/eip-1559
Solana: let’s make it so that enthusiast grade computers and internet connectivity by 2024’s high range standard works. Sometimes. But keep pushing.
This decentralizes transaction processing and arbitrary code execution.
Client upgrades and hard forks are largely centralized. This isn’t one and the same with the transaction processing nodes compared to bitcoin.
Saying centralized without context is reductive and doesn’t tell much though. I would like all aspects less centralized though.
The piece is not garbage, but a thoughtful introduction to a problem that's approaching inexorably.
Why should this be the goal?
I'm sure miners would love to see their revenue never decrease, but this isn't a problem for users or for the security of the network. Block reward does not need to remain at or above current levels forever; it just needs to remain predictable from block to block. Difficulty adjustment works both up and down, even if we've only seen it go up so far. The 51% risk is overblown - the network is significantly overprotected right now, and we could stand to lose a few orders of magnitude without jeopardizing security/availability. Plus, it might even placate the energy consumption doomsayers.
As GP notes, empty blocks are now common, which is in fact a bigger risk in a low-subsidy environment. Maybe we should instead reduce minrelaytxfee to 0.1 sat/vB to incentivize full blocks.
Blocks are empty because people decided that bitcoin was not a feasible means of transaction nearly a decade ago during the blocksize war.
Specifically some of the political discussions lately feel like they could use better dashboards. The call to action at the end of this article with three main solutions called out now has some context in several dimensions (time, space, monetary).
The doge.gov website for instance would've been a prime candidate for that, like some sort of observablehq.com ability slice and dice a data dashboard. But then you also have to be able to trust the data I suppose.
I think the budget day article does a good job contextualizing all its data and guides you through it intuitively. It's more like an essay that has the dashboard woven into it. In 4 months if the fees change or BTC price changes etc. the article is still relatively up to date.
So I think that project2025 website maybe does the dashboard thing that never really took off. There's lots of open data or government data sites that have dashboards but seem like they became data portals. They never became a broad format for explanation or persuasion.
A standard dashboard might be better than nothing. But the tufte-ian dashboard seems like it would have more affordances like this budget day does.
There were several attempts of merging important BIPs, which were rejected because some developers thought it wasn't in line with the direction their employer wanted.
The actual solution to the security budget is to make a ton of payments in a (blindly) merge-mined sidechain and ensure those transactions there pay lower fees but those lower fees get aggregated into a single high-fee paid on Bitcoin. That is the Drivechain proposal: https://drivechain.xyz/.
Drivechain is an idiotic proposal to just give total control of the network to miners. Atomic swaps already enable the same thing, except without a wealth transfer to miners.
Second, the system only seems vulnerable if you ignore economic incentives. A 51% attack isn't just technically difficult - it's economically irrational. Pulling it off would cost billions, and even then, there's no clear way to profit from it. The only scenario where it makes sense is a non-economic actor (e.g. a hostile government) aiming to disrupt Bitcoin. But even then, that investment could be neutralized by a fork that tweaks the mining algorithm, instantly rendering the attacker's hardware obsolete.
Also, what alternative "place to keep wealth" is truly immune to a nation-state actor? Cryptocurrency is actually unique in that, with something like a brainwallet, seizure can be made practically impossible.
The average time to mine a block is 10 minutes so let’s convert our J spent per block for one miner : 33346010 = 2,000,400. With about 4m of these, that’s about 8 trillion joules per block. Now if we divide that by 3.6m to get kWh, we’re back around ~2m kWh per block. Texas is about 15 cents per kWh so we get about $300k spent per block.
To 51% attack, we’d need to spend a little bit more than that. With full competition, and an attempt to mine empty blocks, it would take about $48m to attack the network for a day (144 blocks). And that’s just back of the envelope math.
Realistically, not everyone has the latest and greatest in mining equipment and probably burn more money with less efficient miners.
And all this is on top of the capex required to acquire 4m S21s, which would be around $10B at around $3k a pop.
[1] https://ycharts.com/indicators/bitcoin_network_hash_rate
[2] https://hashrateindex.com/rigs/bitmain-antminer-s21+
Also, the firms who take the other side of that bet talk, and you aren't going to be able to get tens of billions of dollars of derivatives without people figuring out what you're doing and acting against you.
1. The $4B "Cost" Is Fundamentally Misinterpreted:
* It's Not a "Cost" Like Buying an Asset: The $4B figure (if accurate) typically refers to the theoretical short-term cost to rent sufficient hashrate to perform a temporary attack. This does not mean you can "buy" control of Bitcoin for $4B.
* Acquisition Cost vs. Rental Cost: Actually acquiring the hardware (ASICs) and infrastructure (data centers, power contracts) needed to permanently threaten the network would cost orders of magnitude more – potentially tens or even hundreds of billions of dollars – and take years. This hardware market is finite and competitive.
* Sustained Cost Ignored: A meaningful attack requires sustained hashrate dominance for a significant time (days/weeks), not just a single block. The ongoing electricity and operational costs for this would be astronomical, likely exceeding the initial "rental" figure many times over during the attack period.
2. Market Cap Does Not Equal "Cost to Attack":
* Apples vs. Oranges: Comparing market cap (the total value of all coins) to attack cost is invalid. Market cap reflects speculative value based on future utility and scarcity. Attack cost is a technical and operational expenditure.
* You Don't "Steal" the Market Cap: Successfully executing a 51% attack does not grant the attacker control over the $2T in Bitcoin. At best, it allows double-spending their own coins or censoring some transactions temporarily. The vast majority of coins remain secured in wallets the attacker cannot access.
* Attack Destroys Value, Not Captures It: A successful attack would catastrophically undermine confidence in Bitcoin, causing its price (and thus market cap) to collapse rapidly. The attacker would destroy the very value they supposedly spent $4B to "access," making the attack economically irrational unless motivated by non-financial reasons (e.g., state-level sabotage).
3. Game Theory & Miner Incentives Are Ignored:
* Miners are Deeply Invested: Miners have billions invested in hardware, facilities, and operations. Their business model relies on Bitcoin having value. Deliberately attacking the network destroys their investment and future income. Honest mining is vastly more profitable long-term.
* Community Defense: The Bitcoin community would detect an attack in progress. Exchanges, businesses, and node operators would coordinate to reject the attacker's chain via a "hard fork," rendering the attack useless and isolating the attacker's resources. The attacker loses everything.
* Security Scales with Value: Bitcoin's security model is designed so that as the value (and thus reward for attacking) increases, the cost of attacking increases even more due to competition driving up hashrate and hardware costs. The $4B figure is a snapshot; a rising price attracts more miners, pushing attack costs higher.
4. Practical Realities Make It Near-Impossible:
* Hashrate Distribution: Bitcoin's hashrate is geographically distributed across thousands of entities and jurisdictions. Coordinating or coercing enough miners to collude for an attack is logistically and politically infeasible.
* Resource Mobilization: Amassing the physical resources (ASICs, power, data centers) secretly and quickly enough to launch a surprise attack without alerting the network is practically impossible at Bitcoin's scale.
* State Actor? Even if a powerful nation-state attempted this (ignoring cost), the detection risk is high, the economic fallout would be global, and the community fork defense would likely succeed, making it a costly failure.
Conclusion: The comparison between Bitcoin's market cap and a theoretical, misinterpreted attack cost fundamentally misunderstands Bitcoin's security model, economics, and game theory. The $4B figure drastically understates the real-world cost and ignores the catastrophic economic consequences for the attacker. Bitcoin's security lies not in it being impossible to temporarily disrupt, but in the immense, sustained, and economically irrational cost required to mount a meaningful and lasting attack, coupled with the network's robust defenses and stakeholder incentives. The imbalance perceived is an illusion created by comparing two fundamentally different metrics.
Competitive ASIC miners are manufactured by only a few companies. It's not inconceivable that they could use TC to lock them to specific pools or simply refuse to sell ASICs to the general public.
How much does the security budget need to be?
When is it projected to drop below that?
The closest they come to addressing that seems to be a quote saying "We might have only two halvings left before this becomes a serious issue."
So 8 years-ish?
The original intention was to fund the network entirely off fees eventually. I don't think there was a stated expectation of block size, but it was intended to be made larger at some point.
Before coming up with specific solutions to the cost of securing the network I would think that evaluating what the acceptable range of cost/security should be would be the first starting point.
I feel they also neglect a realistic evaluation of the likelihood of a 51% attack. As soon as someone interferes with the network by 51% attack, everybody knows that it has happened. What countermeasures might be deployed?
While a miner confirming a block is like a rubber stamp from an auditor, there is nothing to stop other people from checking their work. If there are shenanigans they can be spotted, if a genuine 51% attack were to happen people would be highly motivated to counter it. That may involve bringing more compute to the network, or even changing the protocol. Ultimately the network is decided by the consensus of the users. Accepting signed blocks is the consensus. Because of the scale required to do a 51% attack on BitCoin it would almost certainly be detectable who was doing it. Under an attack people would be prepared to swiftly agree to some rule to exclude the attacker, the alternative is just two severe. You could think of it as a fork or you could think of the attackers version as the fork. You could have anything from, 'Today we stop accepting blocks from that pool over there', to 'From now until this mess is resolved, Kate confirms all blocks with her private key, We trust Kate, she's nice' The mitigation could be prosaic or fantastic, it doesn't matter, the thing that people agree upon will be the new chain. A fallback proof of work algorithm that requires more generalised hardware would work well. In case of attack, switch back to GPUs and a lower hash rate on a newer algorithm. ASICs become redundant and the network redistributes to whoever is supplying the GPUs. Then to do a 51% attack the attacker must not only have enough to 51% the ASIC hash rate, but have in reserve more GPUs than the rest of the world can bring to bear at short notice to 51% the fallback method.
There's the famous paper "The Economic Limits of Bitcoin and the Blockchain" [0, 1] answering this question. Bottom line: huge.
> Nakamoto’s novel form of trust faces serious economic limits. It is unusually expensive in absolute terms relative to the stakes involved, and its expense scales linearly with the stakes involved. [...] if permissionless consensus in its pure form were to become a more important part of the global economic and financial system than it has been to date, then the costs of securing the trust would become preposterous — more than all of global GDP in some scenarios.
David Rosenthal has good introductory posts on this [2] in his excellent blog.
[0] Original 2018 version: https://www.nber.org/papers/w24717
[1] Updated 2024 version [pdf]: https://socialsciences.uchicago.edu/sites/default/files/2024...
[2] https://blog.dshr.org/2025/05/who-is-mining-bitcoin.html
https://blog.dshr.org/2018/06/cryptocurrencies-have-limits.h...
https://blog.dshr.org/2019/02/the-economics-of-bitcoin-trans...
https://blog.dshr.org/2024/05/fee-only-bitcoin.html
They can either double spend by reversing the chain (in which case they’d have to accumulate enough bitcoin for to make it worthwhile in the first place) or they can mine empty blocks and prevent any transactions from being processed.
I don't know but I expect it to be proportional to market cap, not getting cut in half forever.
>The original intention was to fund the network entirely off fees eventually.
I think this was a half-baked idea from satoshi. My theory is that the bitcoin distribution was chosen to avoid having to decide on any "arbitrary" emission schedule. Bitcoin basically acts an experiment to determine what level of coinbase reward is safe, through bisection.
>if a genuine 51% attack were to happen people would be highly motivated to counter it. That may involve bringing more compute to the network, or even changing the protocol.
Who? Just bitcoin users in general? There is no group that stands to gain, it's sort of a tragedy of the commons situation.
Bitcoin's security is tied to ASIC hardware. You can't just spin up a couple desktops at home to protect the network anymore.
>A fallback proof of work algorithm that requires more generalised hardware would work well.
I think monero already does this. Look up "RandomX" it is amazing to read about. But the problem is that these CPU-mined coins are even easier to attack because you can easily rent hardware or use a botnet to do a 51% attack. Whereas with bitcoin you need to buy a bunch of ASICs which would be devalued by such an attack.
>Ultimately the network is decided by the consensus of the users. Accepting signed blocks is the consensus.
I was going to write a long response to this, but in a nutshell classical consensus and PoS sucks.
Any way you slice it there's still a centralization of power of when to activate any of these defense mechanisms.
Trying to maximize mining profit is adversarial with the end users and makes using bitcoin unattractive.
> Tail emission: stop halvings and allow infinite inflation
The reality that no one wants to talk about is that Bitcoin is screwed and there's no way out of it, because of bad fundamental design.
Increasing block size will only work to solve the problem of Bitcoin's Security Budget if it brings in more usage/transactions; but Bitcoin's adherence to its traditionalist values is what led to the creation of a billion other cryptocurrencies to solve this exact problem, they do solve it, and they experience significantly higher transaction volume as a result. There's no evidence that volume is going to come back to Bitcoin. On the contrary; volume is down on Bitcoin, significantly, the usage these days looks more like 2018/2019. Its not coming back.
It also doesn't help that crypto, in general, is a dying technology.
> Burning dormant coins (e.g., Satoshi’s)
The fact that this is suggested, even as the last possible solution, should scream volumes about where this project and Bitcoin is at. This possibility shouldn't even be on this list. Not only would it do all the things the article says it would do (violate property rights, incite riots); it wouldn't even solve the problem. It would just buy a few years of time.
But as long as the miners have to buy their mining equipment using inflationary US Dollars; they're screwed. The only thing that would keep it going is growth in the usage of the currency, but (1) all growth stops eventually, and (2) even if it didn't, Bitcoin seems designed from day one to inhibit its own growth, because it was designed by an idiot crypto-maxy anarchist teenager who made the predictable software engineer mistake of thinking skill in compsci makes you skilled at everything.