Educational
Bitcoin's Programmed Security: Part One
How participants are incentivized to secure the network
June 24, 2026 • 20 min read
Introduction
Bitcoin’s “security budget” is often cited as a potential long-term vulnerability—but how credible is that concern?
Roughly every four years, Bitcoin undergoes a “halving,” reducing the reward miners receive for producing new blocks. This built-in mechanism is fundamental to the network’s design, ensuring a predictable and finite supply. However, it also raises a key question: As block rewards continue to decline over time, will miners still be incentivized to secure the network?
As the block subsidy declines over time, Bitcoin proponents argue that transaction fees will eventually replace it as the primary incentive for miners to continue validating blocks. In theory, this shift would preserve the economic incentives needed to maintain the network’s security. However, transaction fees have remained relatively low in recent years, calling into question whether they will rise enough to fully offset declining block rewards.
Early thinking within the Bitcoin community held that increased adoption would naturally drive higher transaction fees. If more users (transactions) try to occupy a limited space (block space), then the fee for said space will ultimately increase.
However, without making assumptions about Bitcoin’s future adoption, forecasting where transaction fees may fall over the next decade—or even in the near term—is challenging. Instead, this article takes a different approach to the “security budget” debate by examining potential risks directly. This includes scenarios where Bitcoin’s hash rate declines relative to its market capitalization, as well as if a single entity gains a majority share of the network’s total hash rate.
The goal: to separate theoretical concerns from economically viable threats—and provide institutional investors with a clearer, data-driven perspective on Bitcoin’s long-term resilience.
Incentivizing Hash Rate Through Price Appreciation
The first assumption to “solve” for Bitcoin’s dwindling issuance relies on an increase in transaction fees. However, this is not the only mechanism that can sustain incentives. An increase in bitcoin’s exchange rate can serve as an equally—if not more—powerful driver of mining activity.
The table below highlights this dynamic by comparing bitcoin-denominated block rewards to the average daily miner revenue in U.S. dollars across each epoch. While bitcoin-denominated rewards have declined by 50% every four years, amounting to roughly a 94% reduction over bitcoin’s life, the average daily USD-denominated miner revenue has increased by 157,836% over that same period.
For investors, this highlights an important dynamic: Despite declining issuance, miner incentives—and by extension, network security—have historically strengthened alongside bitcoin’s price. 
Despite a substantial decline in bitcoin-denominated mining rewards, bitcoin’s exchange rate has increased by orders of magnitude, reflecting how rising demand and growing adoption have more than offset the declining issuance rate so far.
Programmatically, each halving reduces the flow of new coins entering the market. Historically, these events have been followed by periods of significant price appreciation.
While price volatility may moderate over time with each halving, it could be premature to dismiss the second-order effects of adoption—particularly for an asset with a fixed, finite supply.
For example, gold (a similarly scarce asset), experienced a significant two-year rally of approximately 167% beginning in 2024. Its market capitalization nearly tripled during this period, rising from $14.5 trillion to an all-time high of $38.2 trillion in early 2026. In absolute terms, gold added nearly $24 trillion in value in two years, or roughly 12 times bitcoin’s current market capitalization.1
A common saying in economics, “demand creates its own supply,” describes how traditional markets tend to respond to shifts in demand. As demand increases, price rises, sending a signal that attracts new participants. Over time, additional supply enters the market, helping restore equilibrium as supply and demand converge and prices stabilize.
Bitcoin’s proof-of-work issuance model inverts this dynamic. Over time, new demand must be increasingly satiated by existing supply. Even if all available computing power was directed toward mining, it would be incapable of meaningfully altering the issuance schedule.
Taking this thinking a step further, the table below models bitcoin’s price in a scenario where hash rate, difficulty, and transaction fees remain consistent even as the block subsidy continues declining.
These values are based on a preliminary, high-level calculation designed to illustrate the approximate bitcoin price required to sustain current miner economics. In effect, the exercise asks: What price would bitcoin need to reach to preserve existing profit margins and maintain the network at roughly one zettahash per second, assuming no changes across hash rate, fees, or overall network conditions?
Notably, the required price aligns with a predictive quantile regression model.
This framework does not account for changes in hash rate, mining efficiency, energy prices, or other evolving variables. However, it illustrates a key point: current levels of network security could be sustained through bitcoin’s price appreciation, even as issuance declines.
Furthermore, the projected price appreciation aligns with established valuation frameworks, such as the "Bitcoin: Quantile Regression Price” model shown below. At a high level, this model maps where bitcoin’s exchange rate has historically traded relative to its long-term trend and projects those relationships forward.
The lower band (Q0.00) represents the level below which bitcoin has never traded relative to the model’s mean. The median band (Q0.50) reflects the central tendency, where bitcoin’s exchange rate trades 50% of the time. The upper band (Q0.99 ) captures the extreme range, encompassing prices bitcoin has traded for under 99% of its life.
It is not viable to assume bitcoin’s exchange rate will continue rising and therefore will always incentivize its own security. For example, this model assumes bitcoin’s price would—at a minimum—double every four years for 100+ years. Therefore, a more complete analysis must also consider scenarios in which the cost to attack the network falls below the cost of honest participation.
At a high level, the primary concern is a 51% attack, where a single entity gains majority control of the network’s hash rate. This level of control introduces two specific attack vectors. However, the potential effectiveness of these attacks may diminish over the duration of an attack.
To date, attempts to execute such attacks have not proven successful, and the economic and structural constraints of the network suggest they remain unlikely to be effective at scale.
The 51% Attack: An Attack Limited in Scope
A 51% attack can occur when a majority of hash rate is controlled by one or more maliciously aligned pools. Historically, pools have regulated their dominance with hashers disbanding pools that grow too dominant. 
The control of a majority of hash rate gives attackers a significantly increased probability of creating new blocks as well as rewriting old blocks. In the scenario where a majority of hash rate is controlled with malicious intent, a 51% attack can be carried out, causing uncertainty around transaction finalization and future censorship guarantees.
However, these attacks do not give central authority over Bitcoin’s ruleset. Therefore, 51% attacks remain limited in scope.
A Double-Spend Attack
The double-spend attack is conceptually straightforward. An attacker controlling the majority of the network’s hash rate gains a probabilistic ability to rewrite old blocks and overtake the canonical chain. By consistently producing blocks faster than the rest of the network, the attacker can effectively dictate the chain’s history for the duration of the attack.
In this scenario, the attacker (Alice), sends 10 bitcoin to Bob to purchase an item in person. The funds are confirmed in block one, and Bob, seeing the confirmation, completes the sale.
Now that Alice has the item in her possession, she will start her attack. She rewrites block one (and any blocks mined by the network since the sale), erasing the transaction where she paid Bob. Bob now sees a zero balance in his wallet, as if the funds were stolen. What really happened? Alice rewrote Bitcoin’s history. According to the blockchain, the BTC was never sent to Bob.
Nodes in the network choose to build on the longest proof-of-work chain. The entire network is consistently building on a single chain tip most of the time. However, because of latency and simultaneous block discovery (luck), two competing blocks can be proposed at the same time.
Two competing blocks will eventually result in an orphan block since there can only be one chain. An orphan block is one that is dropped from the chain’s history in favor of another chain with more “work.” This happened recently when mining pool Foundry USA produced seven blocks in a row, orphaning two blocks mined by AnyPool and ViaBTC pools.2
More on forks and orphan blocks can be found here. 
Put simply, when two blocks are simultaneously proposed, miners must choose which to build upon. Miner rewards are unspendable for 100 blocks. Therefore, if miners build on a block that is later orphaned, they have spent time and energy producing hashes for nothing. This phenomenon occurs by chance.
The double-spend attack is similar but engineered. The attacker has enough hash rate to rewrite or “re-discover” old blocks. This gives them the ability to rewrite the history of the chain. All they must do is create a longer chain than the original, and nodes will automatically switch to the new chain, adopting its history as the true history of the blockchain.
It is important to note that each block requires an immense amount of energy while total hash rate is high. Going deeper into the chain to rewrite requires the attacker to rebuild those blocks as well as build faster than the remaining “honest” nodes on the network. A 51% majority makes this significantly easier but nearly impossible the deeper into the blockchain the attacker goes.
The double-spend attack is not feasible until the attacker acquires a majority of the hash rate because their ability to catch up from a deficit is calculated using a multi-step probability formula. This formula is known as the Gambler’s Ruin problem and is described by Satoshi in the original whitepaper.3
Alternatively, even a small minority of hash rate enables the ability to rewrite shallow historical blocks, but this attack is easily negated with standard confirmation wait times. For example, bitcoin exchanges commonly wait for at least six blocks before they consider funds settled. This helps negate such an attack. 
A Censorship Attack
An entity that controls more than 50% of the network’s hash rate effectively monopolizes block production. A monopoly of block production means unilateral authority over the contents of each block produced.
In other words, the censorship attack is an attack that excludes expected transactions. An attacker could censor select transactions or all transactions, resulting in empty blocks.
For example, highlighted on the table below in pink [left] are the expected transactions that were excluded from the mined block [right]. This could be conveyed as a form of censorship but is meant to portray an example of a pool’s individual preference. 
Had this pool sustained sole block production, this could be interpreted as a censorship attack. However, the next six blocks were mined by completely different pools, indicating there was no sole control over block production. Therefore, it is highly likely that each of these transactions were included in the following blocks, thus disqualifying this as a successful attack on the network.
Liveness is a fundamental attribute of blockchains. Valid transactions must freely flow on the network. If new blocks stop being minted, or transactions are not added to new blocks, assets on the blockchain cannot be transferred and become useless. In this scenario, the network has failed to maintain its most fundamental property.
A censorship attack depends on the probability of finding consecutive blocks absent “luck” afforded by the universe. Put simply, owning 99% of the hash rate does not guarantee a monopoly over block production over an infinite amount of time. 
The Bernoulli simulation uses a simple formula to calculate the probability of something that has only two outcomes: success or failure. For instance, did the attacker mine six blocks in a row? Or, did they not?
A more straightforward example might be to calculate the probability of a two-sided coin landing on heads six times in a row (qn=probability_of_successstreak=0.56). A coin has a 50% chance of landing on a specific side. Therefore, the Bernoulli simulation indicates a 1.6% theoretical probability of successfully landing on one side six times in a row. However, if you were to conduct this experiment once by flipping a coin six times, you may get a different outcome.
The Monte Carlo simulation is how to test the outcome of this experiment over a specific number of trials. In the previous example, the coin would have been flipped six consecutive times over 500,000 trials. Over these trials, our results were similar to the Bernoulli simulation.
For the censorship attack to be successful, the attacker must maintain upwards of 99% of the hash rate. With anything less than 99% control of hash rate, the attack is likely to fail within the next six blocks. This could then impact Bitcoin’s effectiveness and short-term value if participants did not react by creating a high fee environment (users) and incentivizing more competition for block production (miners).
However, the attacker fails each time a block is found outside of their control. It is extremely costly to create such an attack without extraordinary coordination from network participants.
Potential Market Responses to Attack Scenarios
Each of these attack vectors carries significant economic and operational costs—and they cannot be executed without network participants taking notice. Bitcoin’s transparent and globally distributed network makes sustained attacks both difficult to coordinate and increasingly expensive over time.
In terms of the double-spend scenario, an attacker must continuously outpace the rest of the network, effectively engaging in a game of catch-up. This requires not only substantial upfront resources, but also sustained expenditure to maintain a competitive edge.
In a censorship attack, costs accumulate over the entire duration of the effort. Censorship is also highly identifiable due to Bitcoin’s transparent ledger. As transactions are delayed or excluded, users may respond by increasing fees to prioritize inclusion in the next block.
As users begin noticing that their transactions are taking longer to confirm, urgency in user transactions may increase. Increased urgency causes transaction fees to climb (rewards for miners). Higher transaction fees would likely act to incentivize additional honest participation, pulling more hash rate online to compete directly with the attacker or even redirecting hash rate from the attacker themselves.
In turn, this growing economic incentive acts on both the attacker and honest participants. Any successful block miner would be able to claim those fees as their reward.
In the case of a non-economic attacker, the mempool still represents a meaningful reward for external participants to reallocate time and energy toward the reward. In theory, the longer a censorship attack, the higher the reward, and the more hash rate comes online to capture it.
Conclusion
At first glance, the declining block subsidy presents a compelling concern. However, there are multiple mechanisms in place reinforcing miner incentives and, by extension, network security.
In one scenario, ongoing adoption supports price appreciation, increasing the value of block rewards even as issuance declines. Alternatively, a more competitive fee market emerges, where limited block space drives higher transaction fees and prioritizes higher-value settlement on the base layer.
While neither exchange rate appreciation nor fee growth can be relied on in isolation, Bitcoin’s incentive structure consistently favors honest participation. Its proof-of-work consensus mechanism imposes a high cost on adversarial behavior, reinforcing alignment among network participants.
Across the attack scenarios considered, this dynamic persists: The cost and complexity of acting against the network remain substantial, while the economic incentives of honest participation are more durable and attainable.
To learn more about potential attack scenarios, continue to part two of this series.
Interested in learning more about how Bitcoin’s security dynamics may play out over time? Get in touch.
1MacroMicro, Gold vs. Bitcoin - Market Capitalization, accessed May 11, 2026, https://en.macromicro.me/collections/45/mm-gold-price/120695/gold-market-cap-vs-bitcoin-market-cap.
2B10c [@0xB10C]. (2026, March 23). We just had a rare-ish two block fork/reorg between Foundry and AntPool+ViaBTC. Foundry mined six blocks in a row. [Post]. X. https://x.com/0xB10C/status/2036118084734349542?s=20
3Bitcoin.org, Bitcoin: A Peer-to-Peer Electronic Cash System, published October 31, 2008, https://bitcoin.org/bitcoin.pdf, bitcoin.org/bitcoin.pdf
The information herein was prepared by Fidelity Digital Assets, National Association (“FDA, NA”) and Fidelity Digital Assets, Ltd (“FDA, LTD”). It is for informational purposes only and is not intended to constitute a recommendation, investment advice of any kind, or an offer to buy or sell any asset. Perform your own research and consult a qualified advisor to see if digital assets are an appropriate investment option.
Digital assets are speculative and highly volatile, can become illiquid at any time, and are for investors with a high risk tolerance. Investors in digital assets could lose the entire value of their investment. Digital assets are not insured or guaranteed by the Federal Deposit Insurance Corporation, or any other government agency, and are not obligations of any bank.
Custody and trading of digital assets are provided by FDA, NA, which is a national trust bank. FDA, LTD relies on FDA, NA for these services. FDA, LTD is registered with the Financial Conduct Authority under the U.K.’s Money Laundering Regulations. The Financial Ombudsman Service and the Financial Services Compensation Scheme do not apply to the cryptoasset activities carried on by FDA, LTD.
To the extent this communication constitutes a financial promotion in the U.K., it is issued only to, or directed only at, persons who are: (i) investment professionals within the meaning of Article 19 of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (the "FPO"); (ii) high net worth companies and certain other entities falling within Article 49 of the FPO; and (iii) any other persons to whom it may lawfully be communicated.
This information is not intended for distribution to, or use by, anyone in any jurisdiction where such distribution would be contrary to local law or regulation. Persons accessing this information are required to inform themselves about and observe such restrictions.
FDA, NA and FDA, LTD do not provide tax, legal, investment, or accounting advice. This material is not intended to provide, and should not be relied on, for tax, legal, or accounting advice. Tax laws and regulations are complex and subject to change. You should consult your own tax, legal, and accounting advisors before engaging in any transaction.
Views expressed are as of the date indicated, based on the information available at that time, and may change based on market or other conditions. Unless otherwise noted, the opinions provided are those of the speaker or author and not necessarily those of Fidelity Digital Assets or its affiliates. Fidelity Digital Assets does not assume any duty to update any of the information.
Coin Metrics is a trademark of Coin Metrics Inc. Copyright © Coin Metrics, 2026.
Fidelity Digital Assets and the Fidelity Digital Assets logo are registered service marks of FMR LLC.
© 2026 FMR LLC. All rights reserved.