Earlier this month, Monero experienced a major network security incident. A layer-one blockchain called Qubic claimed to have controlled more than half of Monero’s hashrate, allowing it to briefly rewrite part of the transaction history. This incident highlighted the greater fragility of small Proof-of-Work (PoW) blockchains in terms of consensus stability, raising concerns about hashrate concentration and long-term security. Although the incident was positioned as a “pressure test” rather than a genuine “double-spend attack,” it revealed the importance of distributed hashrate and sustainable miner incentives for PoW network security.

This article will use the Monero incident as a case study to explore risks related to PoW security. We will explain what a 51% attack and chain reorganization are, review past cases such as Ethereum Classic, and consider what this means for the potential vulnerability of small PoW networks.

Qubic’s Entry and Monero’s Pressure Test

On August 12, Qubic claimed that it had briefly obtained the majority of Monero’s hashrate. In PoW networks, such situations are often referred to as a “51% attack,” where a single actor or coordinated group controls more than half (>50%) of the network’s mining power. This majority control can manipulate network consensus, reorganize blocks (“reorg”), censor transactions, and even attempt double-spend attacks, severely undermining network trust.

Like Bitcoin, Monero relies on miners to secure the network through PoW consensus, requiring miners to expend computational power to propose and validate new blocks. However, unlike Bitcoin, which uses specialized ASIC hardware (for the SHA-256 algorithm), Monero employs the RandomX algorithm, designed to allow mining with general-purpose CPUs. While this lowers the barrier to entry, it also results in Monero’s overall hashrate being far lower than Bitcoin’s (5.5 GH/s vs. 930 EH/s), making the network more vulnerable to hashrate concentration.

Since May, Qubic’s influence on Monero has significantly increased. Through its “Useful Proof-of-Work” (UPoW) model, Qubic attracted miners to allocate CPU resources to mine Monero. Instead of directly rewarding miners with Monero’s native token XMR, Qubic sold the mined coins on the market and used the proceeds to repurchase and burn its own tokens. These higher rewards attracted substantial hashrate to Qubic, increasing its mining profitability while also exacerbating concerns about network centralization.

This ultimately led to a minor reorganization of six blocks in the Monero ledger, with Qubic briefly producing blocks faster than the rest of the network. Although a small portion of history was temporarily rewritten, researchers analyzing the event found no true signs of a 51% attack but rather a demonstration of how incentive centralization can skew mining rewards in the short term.

Ethereum Classic Reorganization Incident (2020)

This incident is not unique to Monero; other networks have experienced similar situations, such as Bitcoin Gold (2019), Ethereum Classic (2019, 2020), and Bitcoin SV (2021). One of the more severe cases occurred in August 2020 when Ethereum Classic experienced a deep chain reorganization following the shutdown of a large mining pool. The attacker privately mined a longer chain and broadcast it to the network, replacing over 4,000 blocks and reorganizing thousands of historical transactions.

In Ethereum Classic’s block data, this can be clearly seen between blocks 10904147 and 10907761. The chart above shows the consensus size (in bytes) and the number of transactions per block. During the attack, prolonged segments of red dots can be observed, with consensus size dropping to zero, meaning these blocks were orphaned when the competing chain took over. The blue dots mark the main chain that ultimately remained, while the attacker’s chain reorganized thousands of previous blocks.

Hashrate Distribution and Miner Economics

These cases demonstrate that the security of PoW networks depends on hashrate distribution and the sustainability of miner incentives. Small to medium-sized PoW networks like Monero have a much lower hashrate than Bitcoin, reflecting differences in mining hardware and overall scale. Due to the limited total hashrate protecting the chain, the resource threshold for a single pool or coordinated actor to achieve majority control is lower, making these networks more susceptible to consensus disruptions.

As the Qubic incident showed, hashrate tends to concentrate under stronger incentives. Miners must receive sustainable compensation to continue securing the network. Monero’s block reward steadily declines under its deflationary issuance mechanism, with the network currently issuing approximately 430 XMR per day (worth about $120,000). Transaction fees provide limited supplementation, only about 9–10 XMR per day. Under these conditions, alternative incentive mechanisms like Qubic’s uPoW model can attract sufficient hashrate to disrupt network balance in the short term.

Conclusion

The Monero and Qubic incident was not a full 51% attack, but it served as a pressure test for PoW security. It revealed how small PoW blockchains may be exposed to consensus disruptions when miner incentives and hashrate become concentrated, ultimately shaking network trust. Past cases like Ethereum Classic show that these risks are not hypothetical but recurring challenges.

Bitcoin’s scale effect remains a key differentiating factor, with its attack threshold far higher than that of small networks. However, its long-term security model still faces questions, especially as block rewards continue to decline and transaction fees gradually become the core of the security budget. Ultimately, the Qubic incident reiterates that PoW security relies on sustainable incentive mechanisms and widely distributed hashrate, and similar events may serve as catalysts for networks to strengthen their resilience.