Looming Bitcoin Security Budget Crisis Is Fake — Expert Buries FUD

Pierre Rochard, VP of Research at Riot Platforms, one of the largest publicly traded Bitcoin mining companies and CEO of The Bitcoin Bond Company says the most persistent narrative about Bitcoin’s long-term security—an alleged “budget shortfall” as block subsidies decline—is built on a category error. In a series of posts on X today, August 15, he argues that critics conflate the rules of Bitcoin with the economics of settlement finality, and in doing so miss how the fee market, user controls, miner competition, and difficulty adjustments interact to raise the cost of attacks precisely when it matters.

Bitcoin’s Security Budget Problem Is Solved

“Bitcoin’s ‘security budget’ is often framed by altcoiners as a looming shortfall as block subsidies halve,” Rochard wrote. “That framing mixes two different things. The rules of Bitcoin (eg 21 million cap, validity of transactions, block weight limits) are secured by full nodes and private keys. Miners don’t set or change those rules; they only propose blocks that fit within them. What mining buys is settlement finality: how costly it is to censor or reorder recent blocks.” The question, in his view, is not whether a fixed pot of money exists to pay for security, but whether the network can make reorgs and censorship uneconomic as the subsidy shrinks.

He rejects the notion—common in cross-chain comparisons—that Bitcoin’s “security budget” is a static paycheck. “Contrary to what Ethereum influencers claim, Bitcoin’s budget for finality is NOT a fixed paycheck; it’s a market price that rises when needed.” When marginal miners shut off after a halving, blocks slow temporarily and difficulty adjusts. When confirmations become scarce or unreliable, fee rates climb as users compete for inclusion.

“At 1,000 sats/vB across ~1,000,000 vB, a single block’s fees are about 10 BTC—often more than the subsidy,” he noted, pointing back to “fee blow-offs in 2017 and 2021, and in May 2023 multiple blocks where fees alone exceeded the subsidy.” In practice, he says, miners “respond by filling blocks to capture those fees, not by leaving money on the table.”

A large part of Rochard’s case is that users are not passive. Tools like Replace-By-Fee and Child-Pays-For-Parent allow wallets and receivers to “rebroadcast transactions with higher fees or attach a high-fee child to an unconfirmed parent, instantly elevating inclusion priority.” That routing of rewards, he argues, “concentrates [them] on blocks that confirm parents and makes omitted transactions a bounty for whichever miner defects from any censoring or undercutting strategy.” Mining pool competition operationalizes the game theory: “when fees are rich and visible, each pool has a dominant incentive to defect first and claim them now, collapsing any cartel that tries to suppress or sequence transactions for nefarious purposes.”

If attacks persist, he adds, receivers can raise the number of confirmations required for high-value transfers, stretching the attacker’s time and energy budget while urgent senders bid up fees to start the clock immediately. “These logical user-side controls ensure that any sustained attack must burn growing resources against rising rewards for the honest chain.” His synthesis: “nodes lock the rules; difficulty adjustments re-equilibrate participation; the fee market prices scarce blockspace on demand; RBF/CPFP and mining pool competition route revenue to the parent-confirming chain; and confirmation policy dials assurance as high as needed.”

From his perspective, the empirical record—“fee spikes during stress, miners maximizing fee inclusion, and rapid reversion to normal once backlogs clear”—already demonstrates the dynamic. “As subsidy declines, fees don’t have to be permanently high; they need to be responsive when finality is under threat. That responsiveness is exactly what we observe.”

Could BTC Miners Be Bribed?

Addressing a related meme—that Bitcoin would need a “bribe oracle” to know when to match an attacker’s payoff—Rochard says the premise is wrong. “Short answer: there is no ‘bribe oracle,’ and you do not need one. The network does not try to divine the bribe’s size. It sets a visible bounty for honest behavior and lets miners choose the higher expected payoff.” In his framing, “public bounty beats secret promise.” During censorship or a reorg attempt, wallets and receivers raise fees on the suppressed transactions, creating a pot that is “publicly visible and immediately collectible by the first miner who confirms the parent.”

By contrast, “the bribe… is private, uncertain, and typically conditional on multi-party success. Rational miners compare a sure payout now to a risky off-chain IOU later.” Crucially, “you do not need to match the bribe, only its risk-adjusted value,” because any private offer is discounted by enforcement uncertainty, reputational and legal risk, and the probability a coalition fails when someone defects. The fee bounty “auto-scales without an oracle” as backlogs grow and users rebid; “every miner sees the same mempool price signals and can defect at any moment to take the pot.”

That incentive makes “cartels brittle,” since “the first pool to break ranks earns the high fees and ends the attack,” forcing any briber to keep paying more parties as defections loom. And to sustain a 51% campaign, “bribes must be repeated, not one-off… for as long as users keep raising confirmations and fees.” The only truly “trustless” bribe, he says, is an on-chain one—“which is just a very large fee attached to a specific block outcome”—and that “collapses back into the public fee market.”

The exchange drew a challenge from an Ethereum community member, who argued that Rochard’s logic “only works if the attacker is censoring,” and raised concerns about double-spends, “chaos sowing,” ASIC-level compromises, and pool collusion. Rochard separated two categories—“‘censoring forever’” versus “causing chaos for a while”—and argued neither is “easy or one-way.”

Threats Of A Reorg

On censorship and shallow reorgs, he reiterated that “with ~51 percent an attacker can try to exclude targets or reorg shallow history,” but as supply of confirmations drops, “urgent users rebid with RBF or CPFP, and the next parent-confirming block becomes very valuable. A single block at 1,000 sats per vB on ~1,000,000 vB pays about 10 BTC in fees. That visible bounty gives every non-attacking pool a dominant incentive to defect.” On double-spends and turbulence, he pointed to real-world behavior: “Exchanges and large receivers already raise confirmation counts when reorg risk rises… pushing a would-be attacker into a long, expensive campaign rather than a quick hit.”

Colluding pools, he argued, face a payout-competition problem—“A colluding pool that omits high-fee transactions underpays its own hashers and quickly bleeds hashrate to rivals. Miners can repoint hash within minutes”—and he highlighted protocol-level trends that reduce coordination power: “Stratum v2 job negotiation further reduces pool-level control by letting miners choose their own templates, which makes coordinated censorship even harder to sustain.”

On hardware compromise scenarios, Rochard framed them as throughput shocks rather than rule failures: “A large outage would slow blocks for a few epochs, then difficulty steps down and unaffected miners earn more. The outage also produces the same fee spike and defection incentives that pull additional hash online.”

So-called “vampire” attacks like on Monero this week that redirect external compute are, in his view, “much harder on Bitcoin than on small CPU- or GPU-mined coins,” because “Bitcoin’s SHA-256 hash is mostly tied up in dedicated ASICs already mining BTC,” leaving no cheap, massive rental pool that can be quietly redirected. The upshot is that any credible, sustained attack would require “majority hash, unwavering cartel discipline despite a rising fee bounty for defection, exchanges that refuse to raise confirmations, and users who refuse to rebid,” plus a price crash large enough to outpace the attacker’s burn rate. “That stack of assumptions runs against how miners, exchanges, and users actually behave.”

His bottom line compresses the argument into one sentence: “Bitcoin does not assume miners are altruists. It assumes they are paid to end your attack.” In Rochard’s telling, tip attacks reduce the supply of confirmations, users with money at stake raise fees, non-attacking miners defect to capture them, receivers lengthen confirmation windows, and difficulty resets the baseline. The “security budget problem,” on this view, is not a hole to be plugged with perpetual inflation but “a market process that scales up the cost of attacks precisely when it matters.”

At press time, BTC traded $117,746.