Bitcoin's Security Budget Issue: Problems, Solutions and Myths Debunked
53 comments
·June 29, 2025doublextremevil
lagniappe
Monero does dynamic block size. It works fine. There is a penalty for large swings in size and that controls the fee which allows the fee to be appropriate during swells and luls in volume.
beeflet
Something I would like to see from the cryptocurrency space is some way for the block size to fluctuate with daily and weekly transaction volume. For example, you would expect that the transaction volume would be greater when it is daytime on the east coast, so the blocksize should adapt to those temporal changes as well.
If there is a certain latentcy/bandwidth/storage/decentralization tradeoff with block sizes, then we ought to design cryptocurrencies to make the most of this tradeoff with respect to predictable low/high demand.
slwvx
Ethereum changes the cost to use the network based on recent block sizes, and allows the block size to go up during high demand. So it's cheaper to use the network when blocks are less full, and more expensive if blocks are mostly full. I'm behind on the current parameters, but they're essentially doing what you ask for:
yieldcrv
Bitcoin: lets make it so a medium grade computer and internet connection by 2008’s midrange standards works. Forever.
Solana: let’s make it so that enthusiast grade computers and internet connectivity by 2024’s high range standard works. Sometimes. But keep pushing.
msgodel
Is solana even decentralized? I thought it was like ripple. I haven't been paying too much attention though.
yieldcrv
There are unaffiliated nodes, you can run your own validator and stake independently.
This decentralizes transaction processing and arbitrary code execution.
Client upgrades and hard forks are largely centralized. This isn’t one and the same with the transaction processing nodes compared to bitcoin.
Saying centralized without context is reductive and doesn’t tell much though. I would like all aspects less centralized though.
coolKid721
Lol total garbage people have been whining about the blocks regularly being EMPTY now, a huge % of transactions just occur off chain on exchanges/lightning/etc. There are no 100 dollar fees you can basically do everything for basically free. https://mempool.space/ look, you can see how many blocks aren't filled lol. This piece is literally just garbage. Big blockers are scam artists.
FabHK
The 100$ fee per transaction is what it would cost to sustain current miner revenue without mining reward (ie. mining revenue derived somewhat invisibly from money supply increase).
The piece is not garbage, but a thoughtful introduction to a problem that's approaching inexorably.
beeflet
On the lightning network, fees are distributed to rent-seeking intermediaries instead of miners, yet the network is still dependent on the security from the miners. The lightning network is parasitic to bitcoin.
Blocks are empty because people decided that bitcoin was not a feasible means of transaction nearly a decade ago during the blocksize war.
Tokumei-no-hito
fair challenge to their proposed solution, but it doesn't negate the security premise does it? what do you think is a good alternative?
big_toast
This page's design is great and what I thought tufte-ian journalism would have led to. Using the presentation of quasi-mathematical facts in relatively grokkable formats to explain the state of the world in a way that can update itself several months or years later.
Specifically some of the political discussions lately feel like they could use better dashboards. The call to action at the end of this article with three main solutions called out now has some context in several dimensions (time, space, monetary).
The doge.gov website for instance would've been a prime candidate for that, like some sort of observablehq.com ability slice and dice a data dashboard. But then you also have to be able to trust the data I suppose.
whattheheckheck
Like this? https://www.project2025.observer/
big_toast
Eh, maybe not quite?
I think the budget day article does a good job contextualizing all its data and guides you through it intuitively. It's more like an essay that has the dashboard woven into it. In 4 months if the fees change or BTC price changes etc. the article is still relatively up to date.
So I think that project2025 website maybe does the dashboard thing that never really took off. There's lots of open data or government data sites that have dashboards but seem like they became data portals. They never became a broad format for explanation or persuasion.
A standard dashboard might be better than nothing. But the tufte-ian dashboard seems like it would have more affordances like this budget day does.
Tokumei-no-hito
it would be great if each tracked event was linked to a section of the project 2025 language. as it stands, to someone unfamiliar, it is just a list of initiatives the trump admin has completed.
paulgb
I've said it before but really feels like a flaw that the halvings are discrete and happen suddenly every four years, instead of gradually each block. As far as I can tell the only advantage to it is that it makes the math simpler. The disadvantage is that it creates weird market dynamics in which large amounts of mining capacity are plunged into unprofitability in one instant. If I wanted to run a 51% attack, I'd look to buy up suddenly-unprofitable capacity immediately after a halving.
osigurdson
According to ChatGPT, Bitcoin market cap is $2T while the cost to carry out a 51% attack is $4B. If correct, it seems a little imbalanced.
olalonde
First, that figure is way off. Marathon alone has a market cap over $4B and controls less than 5% of the total hash rate.
Second, the system only seems vulnerable if you ignore economic incentives. A 51% attack isn't just technically difficult - it's economically irrational. Pulling it off would cost billions, and even then, there's no clear way to profit from it. The only scenario where it makes sense is a non-economic actor (e.g. a hostile government) aiming to disrupt Bitcoin. But even then, that investment could be neutralized by a fork that tweaks the mining algorithm, instantly rendering the attacker's hardware obsolete.
osigurdson
I guess all of these arguments have existed since the beginning of Bitcoin (51% attack, miner centralization, supply chain centralization, etc). What we do know is while it theoretically could happen it hasn't happened yet.
jowea
If we're talking about a fork, couldn't a fork just ignore the attack? The normal miners aren't forced to use the attacker's blocks after all.
olalonde
The problem is that there's no reliable way to identify who mined a given block, so you can't simply have the network "ignore blocks from the attacker." The coinbase transaction may contain identifying info (e.g., pool name) but it's not mandatory nor authenticated.
wmf
It's true that buying 51% hash power would cost far more than $4B. Some people assume that you could rent 51% hash power for a short time (like a day) to do the attack.
null
osigurdson
According to ChatGPT (bad source I know but can't find it anywhere else), the entire value of the entire mining network is about $6B. What do you think it is?
daveguy
Why would someone want a random block chain company to own 5% of the possibility of destroying their holdings? What if the company gets co-opted by some nation state actor? Bitcoin really seems like a terrible place to keep wealth.
wmf
If you own 5% of the hash rate you have ~0% ability to attack the network.
SparkyMcUnicorn
Claude deep research estimates that it would cost 20-40b and "vastly exceeds the rational economic gain". Ideological/nation-state motivation would be the only reason to do this.
singpolyma3
ChatGPT famously can't do math. A pocket calculator can give you the right answer here
paulgb
That's a dated rule at this point, ChatGPT has been able to use its Python interpreter as a calculator for a while and in my experience will opt to do that for back-of-the-envelope calculations.
kortilla
That market cap would quickly collapse if there was a 51% attack.
Majromax
One can take short positions on bitcoin almost as easily as long positions. With enough leverage, a well-connected firm could probably make a low 11-digit bet fairly easily.
cmcaleer
Counterparty risk asks whether you'll collect on that bet.
Also, the firms who take the other side of that bet talk, and you aren't going to be able to get tens of billions of dollars of derivatives without people figuring out what you're doing and acting against you.
null
gruez
I see your ChatGPT generated argument and raise you my DeepSeek generated rebuttal:
1. The $4B "Cost" Is Fundamentally Misinterpreted:
* It's Not a "Cost" Like Buying an Asset: The $4B figure (if accurate) typically refers to the theoretical short-term cost to rent sufficient hashrate to perform a temporary attack. This does not mean you can "buy" control of Bitcoin for $4B.
* Acquisition Cost vs. Rental Cost: Actually acquiring the hardware (ASICs) and infrastructure (data centers, power contracts) needed to permanently threaten the network would cost orders of magnitude more – potentially tens or even hundreds of billions of dollars – and take years. This hardware market is finite and competitive.
* Sustained Cost Ignored: A meaningful attack requires sustained hashrate dominance for a significant time (days/weeks), not just a single block. The ongoing electricity and operational costs for this would be astronomical, likely exceeding the initial "rental" figure many times over during the attack period.
2. Market Cap Does Not Equal "Cost to Attack":
* Apples vs. Oranges: Comparing market cap (the total value of all coins) to attack cost is invalid. Market cap reflects speculative value based on future utility and scarcity. Attack cost is a technical and operational expenditure.
* You Don't "Steal" the Market Cap: Successfully executing a 51% attack does not grant the attacker control over the $2T in Bitcoin. At best, it allows double-spending their own coins or censoring some transactions temporarily. The vast majority of coins remain secured in wallets the attacker cannot access.
* Attack Destroys Value, Not Captures It: A successful attack would catastrophically undermine confidence in Bitcoin, causing its price (and thus market cap) to collapse rapidly. The attacker would destroy the very value they supposedly spent $4B to "access," making the attack economically irrational unless motivated by non-financial reasons (e.g., state-level sabotage).
3. Game Theory & Miner Incentives Are Ignored:
* Miners are Deeply Invested: Miners have billions invested in hardware, facilities, and operations. Their business model relies on Bitcoin having value. Deliberately attacking the network destroys their investment and future income. Honest mining is vastly more profitable long-term.
* Community Defense: The Bitcoin community would detect an attack in progress. Exchanges, businesses, and node operators would coordinate to reject the attacker's chain via a "hard fork," rendering the attack useless and isolating the attacker's resources. The attacker loses everything.
* Security Scales with Value: Bitcoin's security model is designed so that as the value (and thus reward for attacking) increases, the cost of attacking increases even more due to competition driving up hashrate and hardware costs. The $4B figure is a snapshot; a rising price attracts more miners, pushing attack costs higher.
4. Practical Realities Make It Near-Impossible:
* Hashrate Distribution: Bitcoin's hashrate is geographically distributed across thousands of entities and jurisdictions. Coordinating or coercing enough miners to collude for an attack is logistically and politically infeasible.
* Resource Mobilization: Amassing the physical resources (ASICs, power, data centers) secretly and quickly enough to launch a surprise attack without alerting the network is practically impossible at Bitcoin's scale.
* State Actor? Even if a powerful nation-state attempted this (ignoring cost), the detection risk is high, the economic fallout would be global, and the community fork defense would likely succeed, making it a costly failure.
Conclusion: The comparison between Bitcoin's market cap and a theoretical, misinterpreted attack cost fundamentally misunderstands Bitcoin's security model, economics, and game theory. The $4B figure drastically understates the real-world cost and ignores the catastrophic economic consequences for the attacker. Bitcoin's security lies not in it being impossible to temporarily disrupt, but in the immense, sustained, and economically irrational cost required to mount a meaningful and lasting attack, coupled with the network's robust defenses and stakeholder incentives. The imbalance perceived is an illusion created by comparing two fundamentally different metrics.
osigurdson
I guess in reality you would just pressure the big miners since the top 4 control 80%. Nuts.
olalonde
Where is that figure from? You're probably looking at mining pools, which don't actually own the hardware - individual miners do. A pool is just a service that coordinates many miners to work together and split the rewards. If a pool tried to behave maliciously, miners would simply switch to another pool and the pool would quickly lose its hashrate.
ozgrakkurt
No one got time to read 15 paragraphs of AI slop
gruez
That's the point. It was written in response to AI slop in the first place. If you had the time to read the first sentence you'd understood that.
fiatjaf
This big block propaganda piece fails to address the most obvious issue with their proposal: that increasing block sizes will just increase fees linearly. No one will pay more in fees per transaction because there will be a lot of space left in blocks, so people will keep paying $0.20 per transaction, which today gets us $400, so now we'll get $800? That if increasing the block size doesn't reduce the base $0.20 to some smaller average.
The actual solution to the security budget is to make a ton of payments in a (blindly) merge-mined sidechain and ensure those transactions there pay lower fees but those lower fees get aggregated into a single high-fee paid on Bitcoin. That is the Drivechain proposal: https://drivechain.xyz/.
beeflet
Yes, but there will be far greater total demand for transactions because the costs will no longer be prohibitive to certain types of commerce (which has network effects).
Drivechain is an idiotic proposal to just give total control of the network to miners. Atomic swaps already enable the same thing, except without a wealth transfer to miners.
Lerc
So the two questions that I cannot see answered there.
How much does the security budget need to be?
When is it projected to drop below that?
The closest they come to addressing that seems to be a quote saying "We might have only two halvings left before this becomes a serious issue."
So 8 years-ish?
The original intention was to fund the network entirely off fees eventually. I don't think there was a stated expectation of block size, but it was intended to be made larger at some point.
Before coming up with specific solutions to the cost of securing the network I would think that evaluating what the acceptable range of cost/security should be would be the first starting point.
I feel they also neglect a realistic evaluation of the likelihood of a 51% attack. As soon as someone interferes with the network by 51% attack, everybody knows that it has happened. What countermeasures might be deployed?
While a miner confirming a block is like a rubber stamp from an auditor, there is nothing to stop other people from checking their work. If there are shenanigans they can be spotted, if a genuine 51% attack were to happen people would be highly motivated to counter it. That may involve bringing more compute to the network, or even changing the protocol. Ultimately the network is decided by the consensus of the users. Accepting signed blocks is the consensus. Because of the scale required to do a 51% attack on BitCoin it would almost certainly be detectable who was doing it. Under an attack people would be prepared to swiftly agree to some rule to exclude the attacker, the alternative is just two severe. You could think of it as a fork or you could think of the attackers version as the fork. You could have anything from, 'Today we stop accepting blocks from that pool over there', to 'From now until this mess is resolved, Kate confirms all blocks with her private key, We trust Kate, she's nice' The mitigation could be prosaic or fantastic, it doesn't matter, the thing that people agree upon will be the new chain. A fallback proof of work algorithm that requires more generalised hardware would work well. In case of attack, switch back to GPUs and a lower hash rate on a newer algorithm. ASICs become redundant and the network redistributes to whoever is supplying the GPUs. Then to do a 51% attack the attacker must not only have enough to 51% the ASIC hash rate, but have in reserve more GPUs than the rest of the world can bring to bear at short notice to 51% the fallback method.
beeflet
>How much does the security budget need to be?
I don't know but I expect it to be proportional to market cap, not getting cut in half forever.
>The original intention was to fund the network entirely off fees eventually.
I think this was a half-baked idea from satoshi. My theory is that the bitcoin distribution was chosen to avoid having to decide on any "arbitrary" emission schedule. Bitcoin basically acts an experiment to determine what level of coinbase reward is safe, through bisection.
>if a genuine 51% attack were to happen people would be highly motivated to counter it. That may involve bringing more compute to the network, or even changing the protocol.
Who? Just bitcoin users in general? There is no group that stands to gain, it's sort of a tragedy of the commons situation.
Bitcoin's security is tied to ASIC hardware. You can't just spin up a couple desktops at home to protect the network anymore.
>A fallback proof of work algorithm that requires more generalised hardware would work well.
I think monero already does this. Look up "RandomX" it is amazing to read about. But the problem is that these CPU-mined coins are even easier to attack because you can easily rent hardware or use a botnet to do a 51% attack. Whereas with bitcoin you need to buy a bunch of ASICs which would be devalued by such an attack.
>Ultimately the network is decided by the consensus of the users. Accepting signed blocks is the consensus.
I was going to write a long response to this, but in a nutshell classical consensus and PoS sucks.
FabHK
> How much does the security budget need to be?
There's the famous paper "The Economic Limits of Bitcoin and the Blockchain" [0, 1] answering this question. Bottom line: huge.
> Nakamoto’s novel form of trust faces serious economic limits. It is unusually expensive in absolute terms relative to the stakes involved, and its expense scales linearly with the stakes involved. [...] if permissionless consensus in its pure form were to become a more important part of the global economic and financial system than it has been to date, then the costs of securing the trust would become preposterous — more than all of global GDP in some scenarios.
David Rosenthal has good introductory posts on this [2] in his excellent blog.
[0] Original 2018 version: https://www.nber.org/papers/w24717
[1] Updated 2024 version [pdf]: https://socialsciences.uchicago.edu/sites/default/files/2024...
[2] https://blog.dshr.org/2025/05/who-is-mining-bitcoin.html
https://blog.dshr.org/2018/06/cryptocurrencies-have-limits.h...
https://blog.dshr.org/2019/02/the-economics-of-bitcoin-trans...
charcircuit
I think switching to something like proof of stake where bad actors can be punished is the best way forward to avoid honest nodes betraying the network.
Trying to maximize mining profit is adversarial with the end users and makes using bitcoin unattractive.
827a
Wow, its almost like deflationary currency isn't a good idea. Who would have thought? Certainly, uh, most economists.
desumeku
This article has nothing to do with the inflationary or deflationary nature of the currency, this is a problem solely caused by the block size limit, which other cryptocurrencies are free from and don't worry about.
null
beeflet
There are more inflationary emission schedules which are safer, and don't rely so much on transaction fees to subsidize mining. For example, look at the constant tail emission used by dogecoin and monero.
827a
It has everything to do with the deflationary nature of the currency. Its stated so right in their potential solutions:
> Tail emission: stop halvings and allow infinite inflation
The reality that no one wants to talk about is that Bitcoin is screwed and there's no way out of it, because of bad fundamental design.
Increasing block size will only work to solve the problem of Bitcoin's Security Budget if it brings in more usage/transactions; but Bitcoin's adherence to its traditionalist values is what led to the creation of a billion other cryptocurrencies to solve this exact problem, they do solve it, and they experience significantly higher transaction volume as a result. There's no evidence that volume is going to come back to Bitcoin. On the contrary; volume is down on Bitcoin, significantly, the usage these days looks more like 2018/2019. Its not coming back.
It also doesn't help that crypto, in general, is a dying technology.
> Burning dormant coins (e.g., Satoshi’s)
The fact that this is suggested, even as the last possible solution, should scream volumes about where this project and Bitcoin is at. This possibility shouldn't even be on this list. Not only would it do all the things the article says it would do (violate property rights, incite riots); it wouldn't even solve the problem. It would just buy a few years of time.
But as long as the miners have to buy their mining equipment using inflationary US Dollars; they're screwed. The only thing that would keep it going is growth in the usage of the currency, but (1) all growth stops eventually, and (2) even if it didn't, Bitcoin seems designed from day one to inhibit its own growth, because it was designed by an idiot crypto-maxy anarchist teenager who made the predictable software engineer mistake of thinking skill in compsci makes you skilled at everything.
merillecuz56
[dead]
The whole point of restricting the block size was to ensure space in the blockchain was scarce to drive the price of fees up, better securing the network. Well, that and keeping the blockchain total size small enough to be processed on an regular user's PC for decentralization sake. While a loss of some decentralization is non-ideal, increasing the block size dynamically, similarly to how difficulty is handled, would be a reasonable compromise to ensure the security of the network long term.