Inside Qubic's Selfish Mining Campaign on Monero: Evidence, Tactics, and Limits

We analyze Qubic’s publicly claimed selfish mining attack against Monero in 2025. By combining measurements from Monero nodes, the Qubic pool API, and Qubic-network observations, we reconstruct Qubic-attributed blocks and effective hashrate and identify ten intervals consistent with block withholding and strategic release. During these intervals, Qubic’s average hashrate share rises to 23–34%, yet we never observe sustained majority control. We evaluate the attack using the classical selfish mining model and a Markov-chain variant that captures Qubic’s conservative release policy. At the inferred parameters, both models predict revenues below honest mining, and our measurements largely confirm this while showing systematic deviations. We attribute the gap to hashrate variability, coarse-grained interval detection, and operational frictions under community countermeasures. We further argue that selfish mining should be analyzed under time-varying hashrate. Even when the average hashrate stays below the static break-even point, an attacker can still run a profitable selfish-mining operation by operating it intermittently.

💡 Research Summary

This paper presents a comprehensive empirical investigation of the “selfish mining” campaign publicly claimed by the Qubic mining pool against the Monero network in 2025. By merging three independent data sources—(i) main‑chain and orphan blocks collected from a dedicated Monero pruning node and from a set of public full nodes, (ii) the Qubic pool’s Stratum‑like RPC API that emits mining jobs every few seconds, and (iii) a community‑provided packet‑sniffing dataset of Qubic network traffic—the authors reconstruct the set of blocks that can be attributed to Qubic with high confidence.

Because Monero’s default privacy hides miner identities, the authors devise a two‑step attribution method. First, after each epoch ends, Qubic publishes a view‑key that can be used to verify ownership of the coinbase output. Second, for periods where the view‑key is not yet available, they exploit a distinctive pattern in the tx_extra field’s extra‑nonce of Qubic’s coinbase transactions. By extracting three regular‑expression patterns that are never observed in non‑Qubic pools, they can label blocks as “Qubic‑mined” even before the view‑key is disclosed.

Using the attributed blocks, the paper measures Qubic’s effective hash‑rate share (α) as the proportion of blocks (including orphans) that Qubic produced. Over the observation window (late September to mid‑October 2025) the average α is about 22 %, while short 6‑hour windows show spikes up to 50 % but never a sustained majority. The authors therefore conclude that Qubic did not achieve a continuous 51 % attack, although it did concentrate power intermittently.

The impact on chain stability is evident: during identified selfish‑mining intervals, the number of orphan blocks rises sharply, and the distribution of fork lengths shifts from almost exclusively length‑1 forks to a noticeable fraction of multi‑block forks. This indicates that Qubic’s block withholding not only displaced other miners’ blocks but also caused a non‑trivial fraction of its own blocks to be orphaned, reflecting deeper reorganizations.

For profitability analysis the authors apply two theoretical frameworks.

1. Classical selfish‑mining model (Eyal & Sirer) – using the measured α and an empirically estimated γ (the probability that honest miners adopt Qubic’s private chain) of roughly 0.42, the expected revenue fraction R_self is computed as (α(1‑γ) + α²γ) / (1‑α(1‑γ)). With α≈0.30 this yields R_self≈0.28, which is lower than the honest‑mining revenue α=0.30.
2. Markov‑chain variant with conservative release – the authors model Qubic’s observed “withhold until a two‑block lead, then publish” policy. Transition probabilities are derived from the measured average timestamp delay (≈5.6 s) between block timestamps and job‑fetch events, and from the observed orphan rate. The resulting expected revenue is about 0.26, again below honest mining.

Actual observed revenue (derived from the proportion of Qubic‑attributed blocks that ended up on the main chain) is modestly higher than the theoretical predictions (by ~0.03–0.04). The paper attributes this gap to three factors: (i) short‑term hash‑rate spikes that temporarily improve Qubic’s advantage, (ii) the coarse granularity of the interval‑based measurement (hourly/daily averages) which smooths out peak gains, and (iii) community counter‑measures such as “Publish‑or‑Perish” style policies that likely reduced γ during the campaign.

A key contribution is the discussion of time‑varying hash‑rate. The authors argue that the classic static break‑even threshold (≈33 % for Monero) is insufficient when α(t) fluctuates. They simulate a scenario where the attacker alternates between selfish‑mining intervals (when α(t) is high) and honest mining (when α(t) is low). Even though the long‑term average α stays below the static threshold, the intermittent strategy yields a higher overall revenue than continuous honest mining. This demonstrates that “intermittent selfish mining” can be profitable under realistic difficulty‑adjustment dynamics.

The paper also documents operational observations: Qubic’s pool increased job‑submission rates during withholding phases, and the Monero community responded with real‑time monitoring dashboards and proposals for stricter block‑publication enforcement. Limitations include incomplete orphan coverage (some private forks may have been missed), potential timestamp manipulation, and the inability to directly observe Qubic’s internal state.

In conclusion, the study shows that while Qubic’s campaign caused noticeable chain instability and temporarily concentrated mining power, its economic payoff was lower than honest mining under the measured conditions. Moreover, the work extends selfish‑mining theory by highlighting the profitability of intermittent attacks in a time‑varying hash‑rate environment, suggesting that future defenses must consider dynamic attacker behavior rather than static hash‑rate thresholds alone.