BM-PAW: A Profitable Mining Attack in the PoW-based Blockchain System
Junjie Hu, Na Ruan
TL;DR
This paper addresses the security of PoW-based blockchains by introducing BM-PAW, a bribery-enhanced extension of the PAW attack that coordinates target-miner behavior via bribe money to increase attacker and target rewards. It develops a formal model of one- and two-pool scenarios, derives reward expressions, and optimizes infiltration powers $(r_1,r_2)$ to achieve incentive compatibility, demonstrating superior performance over PAW in both single- and multi-pool settings. The work further analyzes a two-pool Nash equilibrium showing BM-PAW can overcome the miner's dilemma, and provides practical countermeasures to mitigate bribery-based pool attacks. The findings highlight a significant vulnerability in pooled mining and offer guidance for defensive strategies, with potential applicability to other PoW-based cryptocurrencies. Overall, BM-PAW advances understanding of pool-level adversarial dynamics and emphasizes the need for robust mitigation in real-world mining ecosystems.
Abstract
Mining attacks enable an adversary to procure a disproportionately large portion of mining rewards by deviating from honest mining practices within the PoW-based blockchain system. In this paper, we demonstrate that the security vulnerabilities of PoW-based blockchains extend beyond what these mining attacks initially reveal. We introduce a novel mining strategy, named BM-PAW, which yields superior rewards for both the attacker and the targeted pool compared to the state-of-the-art mining attack, PAW. BM-PAW attackers are incentivized to offer appropriate bribe money to other targets, because those targets comply with the attacker's directives upon receiving payment. Through equilibrium analysis of a two-pool BM-PAW game scenario, we further find that the BM-PAW attacker can circumvent the miner's dilemma, with the outcome determined by the attacker's mining power. Finally, we propose practical countermeasures to mitigate these novel pool attacks.
