Skip to main content
Security

Monero Suffers 18-Block Reorganization from Qubic 51% Attack

A mining pool's majority hash rate control enabled a deep blockchain reorg, invalidating transactions and undermining network finality.
September 16, 20252 min

The image showcases a detailed view of a high-performance computing unit, featuring a large, brushed metallic block with intricate geometric patterns. Transparent tubing, appearing to carry a blue liquid, snakes across the surface, connecting various components
A dark blue, spherical digital asset is partially enveloped by a translucent, light blue, flowing material. This enveloping layer is speckled with numerous tiny white particles, creating a dynamic, abstract composition against a soft grey background

Briefing

The Monero blockchain experienced its largest recorded reorganization on September 14, 2025, when the Qubic mining pool, controlling over 50% of the network’s hash rate, executed an 18-block rollback. This consensus manipulation invalidated approximately 117 confirmed transactions, forcing them back to the mempool. While no direct fund theft or double-spending was confirmed, the incident severely disrupted transaction finality and exposed a critical vulnerability in Monero’s Proof-of-Work security model.

The image presents a close-up of a futuristic device featuring a translucent casing over a dynamic blue internal structure. A central, brushed metallic button is precisely integrated into the surface

Context

Prior to this event, Monero relied on a 10-block finality rule, presuming sufficient block confirmations would prevent such deep reorganizations. This incident follows a smaller 6-block reorg by the same Qubic pool in August 2025, signaling a growing concentration of mining power. Smaller Proof-of-Work networks, particularly those prioritizing ASIC resistance and decentralization, remain susceptible to hash rate accumulation and subsequent 51% attacks.

A luminous, translucent blue-grey amorphous structure elegantly envelops a vibrant, solid blue sphere, set against a subtle gradient background. The flowing, organic forms create a sense of depth and protection around the central element

Analysis

The incident leveraged the fundamental “longest chain rule” inherent in Proof-of-Work consensus mechanisms. The Qubic mining pool secretly mined a longer private chain by withholding blocks, then released it to the public network. This longer chain superseded the honest chain, causing all nodes to switch to the attacker’s history and orphan the 18 blocks mined by other participants. The attack vector exploited a critical mass of mining power, allowing the malicious actor to rewrite recent transaction history and temporarily negate the network’s established finality assumptions.

A striking visual depicts two distinct, angular structures rising from dark, rippled water, partially obscured by white, voluminous clouds. One structure is a highly reflective silver, while the other is a fractured, deep blue block with intricate white patterns

Parameters

  • Protocol TargetedMonero (XMR)
  • Vulnerability Type ∞ 51% Attack / Blockchain Reorganization
  • Attacker Entity ∞ Qubic mining pool
  • Financial Impact ∞ No direct funds stolen; 117-118 transactions invalidated
  • Affected Blockchain ∞ Monero
  • Reorganization Depth ∞ 18 blocks
  • Date of Incident ∞ September 14, 2025
  • Hash Rate Control ∞ Over 50% by Qubic

A close-up, shallow depth-of-field view reveals a textured, undulating surface. This surface is composed of numerous rectangular, block-like units, primarily in shades of deep blue and dark grey/black, arranged in an interconnected grid

Outlook

Immediate mitigation includes exchanges raising confirmation requirements for Monero deposits to counteract future short reorgs. The Monero community is actively discussing protocol-level solutions such as “Publish or Perish” to penalize block withholding and exploring merge mining or chain-locking mechanisms to enhance network security. This event underscores the necessity for continuous vigilance against mining centralization, serving as a critical reminder for all Proof-of-Work networks to assess their vulnerability to majority hash rate attacks.

A translucent, frosted rectangular module displays two prominent metallic circular buttons, set against a dynamic backdrop of flowing blue and reflective silver elements. This sophisticated interface represents a critical component in secure digital asset management, likely a hardware wallet designed for cold storage of private keys

Verdict

This Monero 51% attack profoundly challenges the perceived immutability and transaction finality of smaller Proof-of-Work chains, demanding immediate and systemic consensus mechanism enhancements across the digital asset ecosystem.

Signal Acquired from ∞ ccn.com

Glossary

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

proof-of-work networks

The Boundless mainnet integrates zero-knowledge proofs to establish a verifiable compute market, fundamentally reshaping blockchain scaling economics.

mining power

A 51% attack equivalent rewrites Monero's transaction history, compromising finality and exposing critical network centralization risks.

monero

Definition ∞ Monero is a privacy-focused cryptocurrency.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

rate

Definition ∞ A rate signifies a measure, quantity, or frequency, often expressed as a ratio or proportion.

network

Definition ∞ A network is a system of interconnected computers or devices capable of communication and resource sharing.

smaller proof-of-work

The Boundless mainnet integrates zero-knowledge proofs to establish a verifiable compute market, fundamentally reshaping blockchain scaling economics.

Tags:

Tags: