Monero, the leading privacy-focused cryptocurrency, is facing one of the most serious security challenges in its history.
Qubic, a project led by IOTA co-founder Sergey Ivancheglo, says it now controls more than 51% of the network’s hashrate. In blockchains secured by proof-of-work, the same method Bitcoin uses, that level of control can allow an attacker to rewrite transaction history, block transactions or carry out double-spend attacks.
In a blog post, Qubic described the takeover as an “experiment” that was a “strategic, and at times combative, application of game theory.”
Developers, miners and security experts are now debating whether the network’s decentralization is as robust as many believed.
What is a 51% attack?
In a proof-of-work blockchain, miners compete to add new blocks of transactions to the chain. If one group controls more than half of the total computing power, they can outpace every other participant.
That level of control opens the door to a range of capabilities that can undermine confidence in the network. These include chain reorganizations, commonly abbreviated to “reorgs,” which involve replacing previously confirmed blocks with new ones. They also include double spends, meaning sending the same token twice.
Arguably the most impactful part of a 51% attack is censoring transactions (preventing some payments from being confirmed), which is particularly pertinent in the case of Monero given its focus on privacy.
These attacks are not theoretical. Ethereum Classic was hit several times in 2020, costing millions. Bitcoin Gold faced similar incidents in 2018 and 2020. Smaller tokens like Verge have been targeted and destabilized.
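The block race described above can be put into numbers. This added example (not part of the original article) uses the simplified attacker catch-up model from the Bitcoin whitepaper, assumed here as a generic proof-of-work model rather than a Monero-specific analysis, to show how the odds of a successful reorg depend on the attacker's hashrate share and on how many confirmations a recipient waits. The function names are illustrative.

```python
import math

def reorg_success_probability(q: float, z: int) -> float:
    """Chance that an attacker with hashrate share q eventually overtakes
    the honest chain after a recipient has waited z confirmations."""
    if q >= 0.5 or z == 0:
        return 1.0  # a majority (or a zero-confirmation payment) always loses the race
    if q <= 0:
        return 0.0
    p = 1.0 - q
    lam = z * q / p  # expected attacker blocks while z honest blocks are mined
    prob = 1.0
    for k in range(z + 1):
        # Poisson(k; lam) computed in log space so large z does not underflow
        poisson = math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return max(prob, 0.0)

def confirmations_needed(q: float, risk: float = 0.001, max_z: int = 2000):
    """Smallest confirmation depth whose reorg risk is below `risk`.
    Returns None when no depth is enough (q >= 0.5) or max_z is exceeded."""
    if q >= 0.5:
        return None
    for z in range(max_z + 1):
        if reorg_success_probability(q, z) < risk:
            return z
    return None

if __name__ == "__main__":
    # Shares taken from the article's timeline: under 2%, over 25%, over 51%.
    for share in (0.02, 0.25, 0.51):
        depth = confirmations_needed(share)
        p10 = reorg_success_probability(share, 10)
        print(f"share={share:.2f}  P(reorg | 10 conf)={p10:.6f}  "
              f"confirmations for <0.1% risk: {depth}")
```

Below 50% the risk falls off quickly as confirmations accumulate, which is why waiting longer is a workable defense against a minority miner; at or above 50% the function returns 1.0 for every depth, so no confirmation count protects a recipient.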
Why Monero is still at risk
Monero uses the RandomX algorithm to discourage mining using application-specific integrated circuits (ASICs), encouraging CPU mining instead. This design was meant to keep the network decentralized. That is why Qubic’s rapid rise is so significant. From less than 2% of Monero’s hashrate in May, it grew to more than 25% by late July, and now claims to have crossed the 51% threshold.
Qubic runs a “useful proof-of-work” system that turns Monero mining rewards into USDT, then uses those funds to buy and burn its own QUBIC tokens. The mechanism is unusual, combining a mining strategy with a token supply sink. And it has steadily increased Qubic’s control over Monero’s hashpower.
Ledger CTO Charles Guillemet said that “sustaining this attack is estimated to cost $75 million per day,” before adding that while it is potentially lucrative, “it threatens to destroy confidence in the network almost overnight. Other miners are left with no incentive to continue.”
BitMEX research added: “Qubic say the end goal is to takeover all the block rewards of Monero, which essentially means full and sustained selfish mining. It is not clear whether they can actually achieve that. If this can be achieved, the value of the coin may fall.”
It did. Monero’s XMR is currently trading at $252, down 6% over the past 24 hours to compound a 13.5% decline over the past seven days.
What does this mean for Monero?
In the blog post, Qubic said the takeover was not about breaking Monero, but about proving that economic incentives and a coordinated mining strategy can give a smaller protocol effective control over a much larger one.
The experiment, Qubic says, was to test whether mining resources could be profitably diverted from a target network into another protocol’s economic loop.
At its peak, Qubic claims its Monero mining was nearly three times more lucrative than traditional Monero mining. A restructuring of its reward system, approved by its community, boosted payouts to its validators and drew miners away from other Monero pools.
Qubic’s first push for majority control was met with sustained distributed denial-of-service (DDoS) attacks that disrupted peripheral services for over a week but failed to take down its core network.
Those DDoS attacks continued on Tuesday, Ivancheglo revealed on X, in what he describes as “Monero Maxis returning the favor.”
Qubic claims it has so far stopped short of fully taking over consensus, citing concerns about the potential impact on XMR’s price.
Are other blockchains vulnerable to attack?
Bitcoin’s hashrate is so high that a 51% attack would be prohibitively expensive. But mid-tier proof-of-work coins are more vulnerable. The cost of gaining majority hashpower on Monero, Ethereum Classic or Bitcoin Gold is far lower.
Privacy-focused coins face an added challenge. Their censorship-resistant nature means that if one party controls the network, it undermines the very privacy they are designed to protect.