A PoS chain with a market capitalization of $300 million can actually 'take over' a PoW chain with a market capitalization of $6 billion.
Written by: Justin Bons, Founder of Cyber Capital
Translated by: Chopper, Foresight News
Qubic could have tampered with the transaction history of Monero (XMR) to implement a double-spending attack. It turns out that a PoS chain with a market capitalization of $300 million can 'take over' a PoW chain with a market capitalization of $6 billion, demonstrating the significant advantages of PoS.
Such attacks will continue, heralding the decline of Bitcoin; PoW is at the end of its road.
Complete account of the events
It all started in May when Qubit validators used idle computing resources to mine XMR as a side project to optimize yield, accounting for 2% of XMR's hash rate at that time. This move proved effective, and by June, Qubic officially decided to fully integrate XMR to fund its own ecosystem, rapidly expanding its mining pool to account for 10% of the XMR hash rate. Subsequently, Qubic began offering additional token incentives for its mining pool, attracting more existing XMR miners to join, as Qubic could offer rewards three times that of standard XMR mining pools.
Only after all of this was completed did Qubic publicly announce its intention to 'take over' the XMR network!
According to Qubic, as of late July, its hash rate was approaching an absolute majority, accounting for 38% of the XMR hash rate. Qubic touted this move as a 'show of strength' rather than a malicious attack, calling it a 'technical demonstration' of decentralized AGI computing...
Starting August 5, DDoS attacks against Qubic began to appear, slowing down the accumulation speed of its hash rate, but this counterattack was insufficient; on August 11, the 'selfish mining' attack was launched, and by August 12, Qubic's mining pool had achieved an 'absolute majority' of the XMR hash rate through this method.
To prove control over the network, they claimed to have completed a reorganization of 6 blocks, isolating over 60 blocks in the process. Some researchers have questioned this claim, but it is clear that within a cycle of 100 blocks, they had obtained an absolute majority of the hash rate. This was enough for Qubic to tamper with XMR's history, destroying the immutability, censorship resistance, and credibility that XMR should have maintained during that time.
This also enables them to implement double-spending attacks, potentially defrauding individuals, protocols, and institutions of massive amounts of money. This is exactly why most mainstream exchanges have suspended XMR deposits and withdrawals: if Qubic chooses to exploit this vulnerability, the exchanges will face the risk of being defrauded. The mere fact that 'such attacks could have been implemented during this time' is already bad enough.
As of today, the price of XMR has drastically dropped, and the hash rate has also decreased by over 30%... This confirms the vicious cycle when a PoW system collapses.
Qubic has positioned itself as an 'ally' of XMR, claiming to only 'express a viewpoint', with no intention of attacking XMR again... But the ability to 'propose this viewpoint' is itself deadly enough.
Lessons Learned
A PoS chain with a market capitalization of $300 million can take over a PoW chain with a market capitalization of $6 billion solely through token incentives. This fact speaks volumes, proving the inherent disadvantages of PoW, and provides a unique forward-looking perspective on the future of Bitcoin.
Funding a 51% attack on a large PoW chain with the token economy of a small PoS chain is something I had never thought of before. The incentive of 'free marketing' alone might be enough to support such a large-scale operation; otherwise, I likely wouldn't have paid attention to Qubic, and now it has garnered significant attention.
All PoW chains are vulnerable to such attacks due to their security budgets being significantly lower compared to PoS chains.
The introduction of political narratives undoubtedly complicates matters further; some may view the attackers as allies, further weakening the defense...
Notably, the security ratio of XMR (the ratio of market cap to security budget) is actually slightly better than that of BTC:
XMR: $55 million (block reward) × 0.51 (attack threshold) = $28 million (security budget) ÷ $6 billion (market cap) = 0.5% (annual security ratio)
BTC: $19 billion × 0.51 = $9.7 billion ÷ $2.2 trillion = 0.4%!
For reference, here are the security budget calculations for the three major PoS chains:
ETH: ($542 billion + $970 million + $3.33 billion) × 0.29 × 0.33 = $52.2 billion (10%)
SOL: ($101 billion + $1.15 billion + $5.26 billion) × 0.68 × 0.33 = $24.1 billion (23%)
ADA: ($29 billion + $0.1 billion + $700 million) × 0.60 × 0.51 = $9.1 billion (31.3%)
The security advantage of PoS is shocking: for example, ETH's market cap is only 1/4 that of BTC, yet its security budget is 5 times that of BTC, with an even lower inflation rate.
Another interesting finding is that XMR actually has tail inflation... This suggests that even if tail inflation increases when a BTC crisis erupts in the future, it may not be enough to withstand a sustained '51% attack' on its own.
All of this exacerbates the conflicts of interest, factional splits, and incentive chaos faced by PoW chains during a '51% attack'. We can at least conclude that if BTC encounters such a situation, it will be more chaotic and uncontrollable than expected.
Worse outcomes
Strictly speaking, this is not a '51% attack'; Qubic's hash rate share is less than 51%, ranging from approximately 28% to 38% according to different data sources; and because it did not implement theft or censorship, it does not fully meet the definition of an 'attack', but rather resembles a 'demonstration'.
The claim about the '6 block reorganization' is controversial, with some researchers stating that their nodes did not observe this situation; ordinary blockchain explorers cannot query such information either. Since the Cyber Capital research team was not running a Monero node at that time, I will refrain from commenting until more information clarifies the contradictions.
However, Qubic gained over 51% of block rights within 100 block periods through 'selfish mining', a fact acknowledged even by Qubic's critics. In my view, this alone is bad enough; it represents another form of attack: gaining control without exercising it, which does not negate the existence of control...
Therefore, I have no intention of downplaying the severity of the event by arguing over overly refined technical details; that will only allow us to evade reality.
Who is the next target?
The Qubic community has voted to decide that the next target is Dogecoin! This strategy also applies to chains using ASIC mining because the majority of Qubic's hash rate was 'co-opted' from existing miners through token incentives.
This means Qubic could potentially attack DOGE or even LTC (through merged mining). It is expected that they will not reveal their intentions in advance but will announce them once they approach obtaining an absolute majority hash rate, just as they did with XMR.
Of course, this strategy is not exclusive to Qubic; other chains may imitate it in the future to attack other smaller PoW chains.
Solution
Most members of the XMR community may not agree with my proposal: transitioning to PoS. The conclusion has become evident: PoS is objectively superior in terms of security, decentralization, fairness, and economic rationality. There is no reason to reject this new technological reality: evolve or perish.
Conclusion
Of all the PoW chains, XMR should least be subjected to such an attack. The XMR community consists of steadfast cypherpunks and privacy advocates, whose intentions are mostly commendable—they are fighting for the freedom of all of us, especially concerning privacy rights.
Hopefully, they can bounce back from this; transitioning to PoS would undoubtedly be stronger. Under extreme pressure, undergoing a complete transformation is the best manifestation of antifragility: just like diamonds, which are forged by high pressure.
