Proof of work (PoW) is Bitcoin's consensus mechanism: a system where miners compete to find a valid block hash by performing billions of SHA-256 computations, and the network follows the chain that demonstrates the greatest total accumulated computational work. It transforms real-world energy expenditure into a tamper-resistant transaction history.
This guide is for people who want to understand how Bitcoin actually stays secure, not mining setup, hardware comparisons, or profitability guides. You will learn what miners do step by step, why difficulty adjustments matter, how 51% attacks work and why they fail economically, and what confirmation counts actually mean for your transactions.
What does proof of work actually do?
Proof of work solves a problem that no pre-Bitcoin system had cracked: how do you get thousands of strangers, with no shared trust and no central authority, to agree on a single version of a transaction history, and make rewriting that history prohibitively expensive?
The mechanism works through a fundamental asymmetry. Creating a valid block requires trillions of hash computations and real electricity. Verifying that a block is valid requires a single hash computation taking milliseconds. This gap, expensive to produce, cheap to verify, is the entire security model.
Bitcoin's PoW mechanism was derived from earlier ideas. In 1993, Cynthia Dwork and Moni Naor proposed using computational puzzles to deter email spam (source: Wisdom). Adam Back's Hashcash system (1997) applied partial hash inversions as a practical anti-spam tool. Satoshi Nakamoto combined these concepts with economic incentives in the 2008 Bitcoin whitepaper, turning them into a consensus mechanism for a decentralized monetary network (source: Bitcoin.org).
The core security property: an honest history is cheap to verify and extend. A dishonest history is expensive to create and must outpace the entire honest network to survive.
How does Bitcoin mining work step by step?
When you broadcast a Bitcoin transaction, here is what happens:
Step 1: Broadcast and propagation
Your transaction is relayed across thousands of nodes within seconds. Each node validates basic rules, valid signature, no obvious double-spend, and places it in its mempool: a local waiting room of unconfirmed transactions.
Step 2: Candidate block assembly
A miner selects transactions from their mempool, typically prioritizing those paying higher fees. They arrange these transactions and calculate a Merkle root: a single 256-bit hash that cryptographically commits to every transaction in the block.
Step 3: Block header construction
The miner builds an 80-byte block header containing six fields:
Version number
Previous block's hash (linking to the chain)
Merkle root of all included transactions
Timestamp
nBits (compact representation of the current difficulty target)
Nonce (a 32-bit counter miners increment with each attempt)
Step 4: Hash competition
The miner repeatedly hashes the 80-byte header using double SHA-256 (SHA-256 applied twice) and checks whether the output falls below the current difficulty target. If not, they increment the nonce and try again. When all 4 billion nonce values are exhausted, the miner modifies the coinbase transaction's extra-nonce field, which changes the Merkle root, and the nonce search restarts.
Step 5: Valid block found
After an average of trillions of attempts (network-wide, approximately every 10 minutes), one miner finds a valid hash. They broadcast the solved block to the network.
Step 6: Node validation
Full nodes independently verify every transaction's signatures, scripts, and rule compliance. Proof of work alone does not make a block valid, every transaction must also pass rule checks. Nodes reject invalid blocks regardless of the computational work invested.
Step 7: Chain extension
Valid blocks are added to each node's blockchain. Included transactions are removed from mempools. The miner earns the block subsidy (currently 3.125 BTC post-April 2024 halving) plus all transaction fees.
Step 8: Confirmation accrual
Each subsequent block adds one confirmation to every transaction in your block.
Worked example
Alice sends 0.5 BTC to Bob. Her transaction enters mempools across the network. Miner Eve assembles a candidate block containing Alice's transaction, builds the header, and performs 4.7 trillion hash attempts over roughly 8 minutes before finding a valid solution. Nodes worldwide verify the block is valid. Eve earns 3.125 BTC in subsidy plus fees. Bob's wallet shows 1 confirmation. Eve's key constraint: she could not have included a transaction spending coins Alice doesn't own, nodes would have rejected the entire block, burning Eve's electricity for nothing.
For a deeper look at how transactions flow through this process, see our guide on how Bitcoin transactions work. For the confirmation side specifically, see Bitcoin confirmations explained.
What is a SHA-256 hash and why can't miners predict it?
SHA-256 (Secure Hash Algorithm 256-bit) takes any input, a word, a block header, a file, and produces a fixed 256-bit output that looks entirely random. The critical property: changing even one bit of input produces a completely different, unpredictable output. There is no mathematical relationship between input and output that miners can exploit.
This property is called the avalanche effect. It means miners cannot calculate "what nonce value would produce a hash below the target." They can only try values and observe results. Mining is brute-force trial and error at industrial scale, not equation-solving.
What a valid hash looks like in practice
The difficulty target is expressed as a 256-bit threshold. A valid block hash must be numerically less than this threshold. As of May 2026, Bitcoin's difficulty requires hashes with approximately 76 leading zero bits, meaning roughly 1 in 75 sextillion hash attempts produces a valid solution (source: Bitcoin Wiki).
Double SHA-256
Bitcoin applies SHA-256 twice: SHA256(SHA256(block_header)). Satoshi's design choice; it provides additional protection against certain theoretical length-extension attacks on the hash function.
The nonce exhaustion problem
With only 4 billion possible nonce values (2^32), modern mining hardware exhausts them in under a second. The coinbase transaction's extra-nonce field provides additional variation, effectively giving miners billions of different Merkle roots to work through when nonces run out.
For technical context on how the block structure fits into the broader ledger, see how the Bitcoin blockchain works.
How does difficulty adjustment keep block times stable?
Difficulty is a measure of how hard it is to find a valid block hash. It adjusts automatically every 2,016 blocks, approximately every two weeks, to keep average block arrival near 10 minutes, regardless of how much hashpower joins or leaves the network.
The retarget calculation
At the end of each 2,016-block period, every node independently calculates: how long did these 2,016 blocks actually take? Expected: 2,016 × 10 minutes = 20,160 minutes. If actual time was shorter (blocks arrived faster), difficulty increases proportionally. If longer, difficulty decreases. The adjustment is capped at a factor of 4 in either direction to prevent manipulation.
Concrete scenario: In early 2024, the post-halving difficulty dropped ~6% when some miners shut down following reward reduction. Over the subsequent epoch, blocks arrived slightly slower than 10 minutes. The retarget corrected automatically, maintaining Bitcoin's issuance schedule.
As of May 2026, Bitcoin's mining difficulty stands at approximately 132.47 trillion (source: blockchain.info). The network hashrate sits near 1 ZH/s, about one zettahash per second, meaning 1,000,000,000,000,000,000,000 hash attempts every second across all miners worldwide (source: CoinWarz).
Why this matters for users
Difficulty adjustment is why Bitcoin's block schedule has remained close to 10-minute averages for 16 years despite hashrate growing from Satoshi's single CPU to an entire industry. It also means that when major miners shut down, after a halving, a regulatory crackdown, a power outage, the network doesn't freeze. Difficulty drops, remaining miners find blocks more easily, and the chain continues. See Bitcoin difficulty adjustment explained for the full mechanics.
Common misconceptions:
Difficulty does not control Bitcoin's price. It responds to hashrate, which responds to price through miner economics, not the reverse.
Difficulty adjustments are not real-time. They happen only every 2,016 blocks.
Falling difficulty does not mean Bitcoin is "dying." It means hashrate decreased, which triggers the stabilizing mechanism.
Rising difficulty does not slow down transaction verification. Signature checking and script execution are unaffected by mining difficulty.
What is "most accumulated work" and why does Bitcoin follow it?
A common description says "Bitcoin follows the longest chain." This is technically wrong and can mislead analysis of attack scenarios.
Bitcoin nodes follow the chain with the greatest total accumulated proof of work, called "chainwork", not the chain with the most blocks. A chain of 10 blocks mined at very high difficulty outweighs a chain of 15 blocks mined at low difficulty. Total work is what counts.
Why this matters for security
Suppose an attacker mines a competing chain of 1,000 easy blocks during a period of very low difficulty. If block count alone decided the winner, this chain would defeat the honest chain. Because work accumulation decides, the honest chain, which keeps mining at normal difficulty, wins easily.
Nakamoto consensus is the rule that nodes always adopt the valid chain demonstrating the greatest chainwork. This is what "heaviest chain" means in technical discussion of Bitcoin security.
Chainwork in practice
Every block header contains nBits: the difficulty target that block was mined at. Each node calculates the total work represented by every block's difficulty as it builds its chain view. When two competing chain tips are compared, total work wins regardless of length (Bitcoin whitepaper, Section 5).
For context on how this connects to block structure and chain forking, see Bitcoin forks explained and the major Bitcoin forks timeline.
How does PoW create Bitcoin's security? The three-layer model
Security in Bitcoin's proof of work does not come from any single property. It emerges from three reinforcing layers operating simultaneously.
Layer 1: Verification asymmetry
Any node can verify that a block's proof of work is valid with a single hash computation taking milliseconds. Producing a valid block requires trillions of attempts. This gap means honest nodes can process the entire blockchain history for pennies in computation, while an attacker must spend billions in hardware and electricity to rewrite it.
Layer 2: Economic alignment
Miners who follow rules earn block rewards (3.125 BTC, roughly $253,000+ at May 2026 prices) plus transaction fees. Miners who attempt to include invalid transactions, wrong rewards, forged signatures, double-spends, produce blocks that nodes reject. No reward. All electricity wasted. The economic calculus strongly favors honest participation for any rational actor who doesn't simultaneously hold an agenda to destroy the network's value.
Layer 3: Accumulated work
Every valid block adds more computational work on top of all prior blocks. To rewrite a transaction buried 6 blocks deep, an attacker must not only redo those 6 blocks' proof of work, but must also outpace the ongoing honest network production while doing so. The deeper a transaction is buried, the more work the attacker must exceed, and the honest network keeps growing the gap during any attack attempt.
The security budget concept
Bitcoin's security budget is the total miner revenue (subsidy + fees) per day, the amount the network pays to maintain its security. As of May 2026, this is roughly 450 blocks × 3.125 BTC × $81,000 ≈ $113 million per day. This is the ongoing cost of honest participation. An attacker must sustain majority hashpower to threaten the chain, a cost measured in hundreds of millions per day in hardware depreciation and electricity.
Exchanges and services like Blofin's trading platform monitor hashrate trends and difficulty changes because miner economics directly affect fee market conditions and transaction confirmation windows, factors that flow through to deposit timing and settlement reliability.
What is a 51% attack and can it actually work?
A 51% attack is a scenario where a single entity controls more than half of Bitcoin's total hashrate and attempts to rewrite recent transaction history, typically to execute a double-spend against an exchange.
Step-by-step attack walkthrough
Attacker acquires and deploys enough hardware to control >50% of network hashrate.
Attacker broadcasts a transaction to an exchange: deposits 100 BTC, waits for confirmations, withdraws equivalent value in fiat.
Simultaneously and secretly, attacker mines an alternative chain that excludes the deposit transaction, as if it never happened.
After the fiat withdrawal clears, attacker publishes their secret chain (which now has more accumulated work than the honest chain by virtue of their hashrate advantage).
Nodes reorganize to the attacker's chain. The deposit transaction disappears. Attacker still holds the 100 BTC on the new chain, plus received the fiat.
Why this is extremely difficult against Bitcoin in 2026
At approximately 1 ZH/s network hashrate, an attacker needs approximately 515 PH/s, 515,000 terahashes per second, in sustained new production. No single entity currently controls anything close to this. Acquiring it would require purchasing a substantial fraction of the world's existing Bitcoin ASIC fleet plus months of manufacturing lead time, with total capital expenditure in the billions. The attack is then detectable immediately (chain reorg alerts are public), and successfully executing it would destroy confidence in Bitcoin, collapsing the value of the attacker's own holdings and future mining revenue.
What a 51% attacker CAN do:
Reverse their own recent transactions (double-spend)
Temporarily censor specific transactions from blocks
Collect double the expected block rewards briefly (selfish mining)
What a 51% attacker CANNOT do:
Steal coins from any address they don't have private keys to
Break SHA-256 or reverse any cryptographic signature
Change the 21 million supply cap
Change any consensus rule (that requires node software changes, not hashrate)
Mining pools are not the same as 51% attack risk
When a pool holds 30% of a network hashrate, that pool operator does not own that hashrate. Individual miners point their hardware at the pool for payment smoothing. They can redirect to any pool instantly. Pool operators can theoretically attempt short-term censorship, but sustained attacks would trigger immediate miner defection. The community monitors pool concentration through public dashboards.
For a complete breakdown of this attack vector, see what is a 51% attack.
What is probabilistic finality and how many confirmations do you actually need?
Bitcoin transactions do not achieve absolute finality. The probability of reversal becomes vanishingly small with each confirmation, but it never mathematically reaches zero. Understanding this is essential for deciding when to consider a payment settled.
Why more confirmations increase security
Each block confirmation means the network has added more proof of work on top of your transaction. An attacker attempting to reverse it must redo not just your block's work, but all subsequent blocks, while simultaneously outpacing the ongoing honest chain. The required hashrate advantage needed to have even a 1% chance of success grows with each confirmation.
Section 11 of the Bitcoin whitepaper contains the exact probability calculations. With an attacker controlling 10% of hashrate, the probability of successfully reversing a transaction drops below 0.1% after 6 confirmations. At 30% hashrate control, you need approximately 24 confirmations to achieve equivalent security Bitcoin.org.
Practical confirmation tiers based on transaction value
Transaction value | Recommended confirmations | Notes |
|---|---|---|
Under $100 | 0-1 | Reversal economically irrational |
$100 – $10,000 | 3-6 | Standard exchange deposit range |
$10,000 – $100,000 | 6-24 | Verify on multiple block explorers |
Over $100,000 | 24-144 | Institutional settlement standard |
These are guidelines, not guarantees. Context matters: a $100,000 transaction to a counterparty you've dealt with for years needs fewer confirmations than the same amount from an unknown sender to an exchange.
Single-block reorgs happen rarely
Continuous chain monitoring data indicates single-block reorgs occur approximately once every 45 days, not every few days as sometimes described. Two-block reorgs are far rarer; Bitcoin's entire history contains only a few dozen (source: CoinDesk). This calibrates risk accurately: shallow reorgs from honest network latency are minor, routine events. Intentional deep reorgs require majority hashrate.
The "6 confirmations" standard originated from Satoshi's whitepaper analysis of realistic attacker hashrate fractions. It remains a reasonable threshold for moderate-value transactions, not because it provides absolute security, but because at Bitcoin's May 2026 hashrate of ~1 ZH/s, the hardware and electricity cost of executing a successful reversal after 6 confirmations far exceeds what any attacker could profit from a typical transaction.
For the full technical treatment of confirmation counting and reorg mechanics, see how many Bitcoin confirmations you need.
What does Bitcoin's energy use actually buy?
Bitcoin's energy expenditure, estimated at approximately 170-180 TWh per year as of early 2026 (Cambridge Centre for Energy & Climate Research, CBECI), is the physical foundation of its security, not an unfortunate side effect.
Every joule spent mining increases the cost an attacker must match to rewrite history. PoW transforms electricity into unforgeable proof of computational expenditure. This is why the "wasted energy" criticism misidentifies the mechanism: the energy is not solving a useful side-problem and discarding the solution. The expenditure itself is the security. There is no way to have the security without the cost.
The security budget logic
As Bitcoin's block subsidy halves over time (next halving approximately 2028), transaction fee revenue must grow to maintain miner incentives and therefore network security. This is a known structural challenge: a Bitcoin network with very few transactions and very low fees would, over decades, see declining miner revenue, declining hashrate, and declining security. The community's position is that growing transaction demand (including layer-2 activity that settles to the base layer) will sustain the fee market.
Energy source composition
Mining operations are not exclusively fossil-fuel-powered. Studies consistently show significant renewable energy use, stranded hydroelectric power in certain regions, excess wind and solar in others, because miners are highly mobile and chase the cheapest electricity, which is increasingly renewable in many markets. The CBECI's 2024 report estimated approximately 25-40% of Bitcoin mining uses renewable sources (source: Cambridge CCAF). That figure is methodologically contested, but the trend toward cheaper, often renewable electricity is structurally incentivized.
For the detailed energy debate and mining economics, see Bitcoin energy use and the environmental debate and is Bitcoin mining profitable.
How does proof of work compare to proof of stake?
The core difference is the nature of the security cost. PoW security comes from external costs: electricity and specialized hardware that must be continuously purchased from the real-world economy. PoS security comes from internal cost: capital locked within the network itself that is at risk of slashing penalties.
Dimension | Proof of Work | Proof of Stake |
|---|---|---|
Security cost | External (energy, hardware) | Internal (staked capital at risk) |
Attack cost | Acquire majority hashrate; costs physical resources | Acquire majority stake; costs only purchasing tokens |
Energy use | High (by design) | Low |
Hardware specialization | ASIC-specialized | None required |
Participation | Anyone with hardware | Anyone with capital to stake |
Track record | Bitcoin: 16+ years, no successful chain attack | Ethereum PoS: launched 2022, shorter track record |
Attack reversibility | Reorgs are expensive and detectable | Validator slashing can mitigate; long-range attacks debated |
When should a beginner consider this comparison?
When evaluating whether a new cryptocurrency's security assumptions are credible
When assessing how a network responds to wealthy or state-level adversaries
When understanding why Bitcoin has not switched to PoS despite the energy criticism
When comparing the energy debates between different networks
Why Bitcoin specifically keeps PoW
The Bitcoin community's position, stated across multiple forums and technical documents, is that PoW's external cost makes attack resistance independent of the network's own token value. An attacker against PoS can bootstrap an attack using the network's own capital. An attacker against PoW must acquire resources from outside the Bitcoin system entirely. Bitcoin prioritizes permissionless access and attack independence over energy efficiency. For a full side-by-side on how this consensus difference shapes Bitcoin vs Ethereum as networks, see the dedicated comparison.
For the dedicated comparison, see proof of work vs proof of stake.
What are the 10 most common proof of work misconceptions?
1. "Miners solve complex math equations."
Miners perform brute-force hashing, trial and error with no mathematical shortcut. They increment a nonce and hash until the output falls below a target. There is no equation to "solve."
2. "PoW makes Bitcoin fast."
PoW intentionally produces blocks roughly every 10 minutes to allow global propagation before the next block. Speed comes from layer-2 solutions like Lightning, not from mining.
3. "Miners control Bitcoin's rules."
Miners propose blocks; nodes enforce rules. A miner submitting a block with an invalid transaction or wrong reward earns nothing, nodes reject it regardless of the proof of work.
4. "After enough confirmations, a transaction is final."
Finality is probabilistic. Six confirmations makes reversal extremely unlikely; 24 makes it astronomically unlikely. Neither is absolute. Context determines appropriate thresholds.
5. "You need 51% of all Bitcoin to attack the network."
The 51% refers to hashpower, computation, not coin ownership. Holding coins grants zero mining power.
6. "If miners stop, Bitcoin stops."
If hashrate drops, block times lengthen temporarily. Difficulty adjusts downward after 2,016 blocks, making remaining mining more profitable. The chain survives miner attrition.
7. "Mining pools are companies controlling Bitcoin."
Pools aggregate independent miners for payment smoothing. Pool operators do not own the hashrate. Miners redirect to competitors within seconds if a pool misbehaves.
8. "More efficient ASICs will eventually make mining free."
Efficiency gains lower per-hash costs, attracting more competition. Total mining expenditure equilibrates with rewards. Mining never becomes free, costs just distribute differently.
9. "PoW wastes energy on useless problems."
The computational work is the security product. A network storing trillions in value needs real-world attack barriers. The "useless problem" framing misunderstands what the problem is producing.
10. "Bitcoin follows the longest chain."
Bitcoin follows the chain with the most accumulated proof of work. A chain of 10 hard blocks beats a chain of 15 easy blocks. Chain length is not the metric.
Practical guide: What proof of work means for your transactions
Understanding PoW helps you make better decisions when sending or receiving Bitcoin.
For incoming transactions: Check block explorer confirmation count before considering funds settled. For deposits to an exchange, check the exchange's stated confirmation requirement, typically 3-6 for standard amounts. Do not expect instant availability.
For time-sensitive payments: Bitcoin confirmation times average 10 minutes per block but range from under 1 minute to over 45 minutes for individual blocks. Plan for variance. The Bitcoin mempool and current fee environment affect when your transaction gets picked up, not how quickly confirmations accrue once it's included.
For high-value transfers: Use a block explorer like mempool.space to verify your transaction is in the best chain, not a stale block. Wait for the confirmation count appropriate to your value tier. For large amounts, verify independently on two block explorers before considering the transfer complete.
Transaction fee and PoW connection: Miners prioritize transactions paying higher fees when blocks are congested. Understanding this helps you set fees appropriately for time-sensitive transactions. During periods of very high mempool backlog, underpaying can result in multi-hour or multi-day delays. For guidance on fee selection, see how to choose Bitcoin fees.
Deposits on exchanges and services like Blofin: From a deposit-processing standpoint, hashrate downturns and difficulty resets shift expected confirmation windows. When the network adjusts difficulty after a hashrate drop, blocks temporarily arrive slower than 10 minutes, extending expected deposit times. This is a normal network event, not a malfunction.
For a complete overview of storing Bitcoin securely beyond these basics, see how to store Bitcoin and custodial wallet vs self-custody.
Proof of work glossary
Proof of work (PoW): A consensus mechanism where participants demonstrate computational expenditure to propose blocks. The network follows the chain demonstrating the greatest accumulated work.
SHA-256: The cryptographic hash function Bitcoin uses. Double SHA-256 (applied twice) produces a 256-bit output from any input. Properties: deterministic, one-way, avalanche effect (single-bit input change → entirely different output).
Nonce: A 32-bit counter in the block header that miners increment with each hash attempt. When exhausted, miners modify the coinbase extra-nonce, changing the Merkle root.
Target: The 256-bit threshold a valid block hash must fall below. Numerically lower targets require rarer valid hashes and represent higher difficulty.
Difficulty: A measure of how rare a valid hash must be, adjusting every 2,016 blocks to maintain ~10-minute average block times.
Hashrate: Estimated total SHA-256 computations per second across all miners worldwide. A proxy for attack cost, not a guarantee of decentralization.
Chainwork: The cumulative proof of work represented by all blocks in a chain. The true metric nodes use to determine which chain is valid.
Merkle root: A single 256-bit hash summarizing all transactions in a block. Changing any transaction changes the Merkle root, which changes the block header, invalidating all subsequent proof of work.
Stale block: A valid block that was not adopted into the main chain, typically because another miner's competing block accumulated more work first.
51% attack: A scenario where an entity controlling majority hashrate attempts to rewrite recent transaction history for double-spend or censorship purposes.
Selfish mining: A strategy where a miner withholds valid blocks temporarily to gain competitive advantage, theoretically profitable above certain hashrate thresholds, though detectable and economically risky in practice.
Block reward: The block subsidy (newly created BTC, currently 3.125 BTC post-April 2024 halving) plus transaction fees paid to the miner who found a valid block.
ASIC: Application-Specific Integrated Circuit. Hardware designed exclusively for Bitcoin's double SHA-256 computation, orders of magnitude more efficient than general-purpose CPUs or GPUs.
Mining pool: A service where miners combine hashrate to earn steadier, proportional rewards rather than infrequent winner-takes-all payouts. For how pool payout structures work, see PPS vs PPLNS.
Frequently asked questions
Is proof of work the same as Bitcoin mining?
They are closely related but not identical. Proof of work is the mechanism, the requirement that valid blocks must demonstrate computational expenditure. Bitcoin mining is the activity of performing that work in competition with other miners to earn block rewards. Mining is how proof of work gets executed in practice; PoW is the rule that makes mining produce security.
Can Bitcoin ever change from proof of work to proof of stake?
Technically possible; socially and economically unlikely in the foreseeable future. Switching Bitcoin's consensus mechanism would require broad agreement across developers, miners, node operators, and the wider user base. The Bitcoin community has consistently rejected proposals that would change PoW. Miners have billions invested in Bitcoin-specific ASIC hardware that would become worthless under PoS. And many in the community view PoW's external cost as a feature, not a bug, the property that makes Bitcoin's security independent of its own token value.
What happens to Bitcoin security after all 21 million coins are mined?
The block subsidy will eventually reach zero (estimated around 2140 at current halving schedules). Security then depends entirely on transaction fee revenue. Whether fees will be sufficient depends on Bitcoin's transaction volume and fee market at that point. This is a known long-term concern, not an imminent problem, but a genuine question about Bitcoin's long-term incentive structure. For more on supply mechanics, see what is Bitcoin mining.
Does PoW mean Bitcoin transactions are slow?
The ~10-minute block time is an intentional security choice, not a technical limitation. Bitcoin blocks propagate across a global network, allowing adequate propagation time before the next block reduces orphan rate and keeps chain consistency. Transaction finality for moderate-value amounts takes 30-60 minutes at 3-6 confirmations. For speed at the cost of on-chain finality, the Lightning Network settles payments in milliseconds by batching and settling off-chain.
Could a government 51% attack Bitcoin?
A state-level actor would face the same economic and hardware constraints as a private attacker, at a larger scale. Acquiring majority hashrate against Bitcoin's ~1 ZH/s network (May 2026) would require acquiring approximately half of all existing SHA-256 mining hardware globally plus the electrical infrastructure to run it. This is not impossible for a major state, but it is a multi-year, highly visible, multi-billion-dollar undertaking that would be detectable long before completion. Covertly-acquired hardware can't stay covert at that scale.
Why does Bitcoin use double SHA-256 instead of single?
Satoshi used double SHA-256 (applying the function twice: SHA256(SHA256(data))) as protection against a class of theoretical attacks on Merkle tree constructions called length-extension attacks. While SHA-256 has not been broken in any practical sense since Bitcoin's launch, the double application was a conservative design choice. It adds negligible computation overhead relative to mining costs.
Researched and written by the BloFin Academy editorial team with AI-assisted drafting. All facts independently verified.
Disclaimer: This content is for educational purposes only and does not constitute financial, investment, legal, or tax advice. Crypto assets are highly volatile and carry significant risk of loss. Always verify local regulations and consult a qualified professional before making financial decisions.