At the time of writing, the MineXMR pool has around 45% of the global hashrate. MineXMR is an established and prominent Monero pool that has been running solidly for years as well as contributing to the Monero ecosystem. The pool admin (who is a long-time community member) has announced that measures to disincentivize miners will be implemented shortly:
We understand that people are concerned with the large hashrate that minexmr currently has. We have announced an increase to the pool fees and continue to monitor the situation.
In addition, there are incentives at stake here that essentially disincentivize the pool admin from using the pool hashrate to perform an attack. First, miners would lose trust in the pool and leave the pool. Second, it would undermine confidence in Monero as a project, potentially negatively impacting the price. Both would result in a substantial decline of the income of the pool owner. That being said, there are certain risks to a pool reaching the majority share of the hashrate.
The most significant risk is a double-spend occurring. A double-spend attack typically occurs by the attacker covertly mining a malicious (longer) chain and subsequently replacing the existing chain. For example, the attacker performs a transaction to a service or exchange in block 101 of the existing chain. Subsequently, the attacker publishes his malicious chain, which contains a version of block 101 without aforementioned transaction, thereby effectively performing a double spend. Alternatively, the attacker could spend the same input(s) in transaction Y to a different service or exchange. Visually, it occurs as follows:
- Block 101 | Hash A1 - Transaction X
- Block 102 | Hash A2
- Block 103 | Hash A3
- Block 104 | Hash A4
- Block 105 | Hash A5
Subsequently the attacker replaces the existing chain with the malicious chain without transaction X:
- Block 101 | Hash B1 - Transaction Y or simply retaining the previously spent inputs
- Block 102 | Hash B2
- Block 103 | Hash B3
- Block 104 | Hash B4
- Block 105 | Hash B5
A common misconception is that, due to the private nature of Monero, double-spends cannot be detected. This, however, is simply not true. Everyone that runs a node can check whether (deep) re-orgs have occurred. The daemon software (monerod) will further provide an informational message when a re-org occurs.
An additional risks is the possibility of the mining pool not including transactions, thereby essentially impacting user experience, as it will take longer for the transaction to be included in a block.
Note that the pool or an attacker cannot:
- Reverse transactions or prevent users from sending transactions.
- Generate coins out of thin air.
- Spend coins that are not owned by the pool or attacker.
- Change the emission / block reward.
Please use this thread to discuss the situation. Furthermore, it is advised to stay level-headed and analyze and monitor the situation rationally. Whilst we should evidently strive to have a better distribution of the hashrate, any alarmist / fearmongering posts or comments as well as attacks on the owner of the pool are out of place.