Educational
Bitcoin’s Programmed Security: Part Two
Potential attack scenarios and network response
June 24, 2026 • 20 min read
Introduction
How might Bitcoin’s security perform if its core assumptions were put under pressure?
Part one of this series outlined the primary attack vectors that can emerge when a majority of Bitcoin’s hash rate is controlled by malicious actors. This follow-up extends its focus to how economically rational participants may respond in these scenarios—and how those responses may shape the network’s overall security profile.
At its core, the question is how a decentralized system can defend itself without centralized coordination. As future halving cycles reduce issuance, what happens if hash rate stagnates? Or will hash rate have to continually rise to secure the network?
In a low hash rate environment, the primary concern is a 51% attack. Centralized control over block production introduces two key attack vectors, although both may prove self-limiting over the duration of the attack and have not been observed at scale to date. Fidelity Digital Assets® Research believes these attacks are limited in scope, as they do not grant control over Bitcoin’s ruleset (e.g., maximum supply). They are also inherently disruptive and likely to be countered by market forces, even in the absence of coordination.
For the purposes of this analysis, consider a scenario in which the network is vulnerable to a 51% attack. From that starting point, two underlying demand conditions frame the analysis:
- Bitcoin has no demand and is not used
- Bitcoin has persistent demand, regardless of price
This distinction is key. In the absence of demand, most network dynamics become irrelevant. Where demand persists, however, participant behavior and economic incentives drive the outcomes explored below.
Bitcoin’s Incentive Structure is [Re]Active
Attacks on Bitcoin cannot occur in isolation. Even without coordination, economic incentives begin to align against an attacker. The primary attack vectors discussed in part one (censorship and double-spend-attacks) naturally introduce counter incentives that either discourage malicious behavior through proof-of-work or incentivize honest participants to respond through market dynamics.
In effect, Bitcoin’s design positions economically rational actors in opposition to an attacker. As an attack unfolds, the network’s incentive structure naturally mobilizes participants—without coordination—to reinforce its security.
For example, when the network produces empty blocks, transaction fees begin to rise as users reprice transactions to ensure inclusion in subsequent blocks. Each additional block that excludes transactions continues this feedback loop, elevating fees higher.
These second-order effects, however, depend on a key assumption: There is underlying demand for Bitcoin. If Bitcoin has no demand, there would be fewer participants with an incentive to react. In such a scenario, the economic motivation to attack the network would also be lower—suggesting that attacks are most relevant when Bitcoin has established value.
Bitcoin’s early history offers a useful reference point. During its initial years, economic value and hash rate were equally low, as shown in the chart “Bitcoin’s Value vs. Hash Rate”.
While the network may have been susceptible to a 51% attack at this time, the lack of meaningful economic incentive made it an unattractive target. The network was nascent and largely overlooked by would-be attackers. In practical terms, young networks with limited value are not worth the cost of an attack.
As bitcoin’s value has increased, so too has the energy input securing the network, reflected in the rising hash rate. This cost is distributed across market participants. In contrast, an attacker seeking to gain majority control would need to compete against the combined energy expenditure of the network—bearing the full marginal cost of that effort in a worst-case scenario.
Alternatively, an attacker could attempt to crowd out honest participants by compressing profit margins. However, this approach requires sustained cost pressure, making it difficult to execute without eroding the attacker’s own profitability in the process.
While hash rate is commonly used as a proxy for Bitcoin’s “security,” it is important to note that the relationship is more nuanced than a simple “hash rate equals security” equation. 
When Bitcoin is used, independent self-interested users create incentives that collectively reward uncensored blocks. Hashers and pools are then incentivized to direct their hash rate toward growing the blockchain. This emergent behavior occurs without any coordination among the network as each pool or hasher intends to claim their rewards.
An example of this behavior can be seen in the fee rate leading up to the fourth halving. Users were seen repricing transaction fees in real time simply because they wanted their transaction to be included in block 840,000.
The incentives here were different from the proposed censorship attack, but the outcome is effectively the same. As the urgency for block inclusion rises, so do the fees. A significant increase in fees was observed during this halving event, resulting in more than $2.4 million in total fees which exceeded the new block subsidy by approximately twelve-fold (37.626BTC tx fees)/3.125BTC blk reward).1
Additionally, because this block was mined within roughly four minutes, there was not enough time for users to continuously outbid each other. This implies that the auction for block space could have escalated materially higher had it persisted for the full 10-minute period.
In comparison, a censorship attack lasting longer than one block could see an immediate fee response not unlike the halving inscription craze if the same urgency were present. 
The Future of Bitcoin
The Feedback Loop
A programmatic feedback loop exists within the Bitcoin network. When price rises, rewards increase, and miners add hash rate to capture increased profits. More hashes raise the probability of finding a block faster than the 10-minute standard. Quicker block production leads the network to programmatically raise the difficulty to maintain an average of 10-minute block times.
Conversely, if price decreases, hash rate may go offline due to low profit margins. The code will programmatically adjust the difficulty downward to maintain an average of 10-minute block times.
The important piece to note is that each participant or variable acts independently of the other but has always positioned itself according to its needs. This has maintained a high cost of attack relative to honest participation.
Economic Equilibrium
Proof-of-work is the mechanism that enables anyone to add to Bitcoin’s blockchain. It steers the network toward decentralization and censorship resistance. Proof-of-work can appear complex, but at its core it relies on a simple hash function. Put simply, a miner will aggregate network information (transactions, timestamp, and the previous block’s hash) and output a single string of numbers and letters called a hash.
Example:
Allie1btc+Bob-1btc+177669781= 339d06affdf123926f97fb5e2825657070d9e9562096ca41fd730c47c3539ef8
Miners create trillions of these hashes per second, but each hash costs electricity to compute. The “hash rate” is the measurement of hashes. Hashing is an energy-intensive, one-way function pivotal to Bitcoin’s proof-of-work system.
The hash rate is helpful when determining overall participation in block creation. However, the network itself knows nothing about the hash rate. Instead, Bitcoin is programmed to use the speed at which blocks are found to calculate the “average block time.” The network will then raise or lower the difficulty to maintain an average of 10-minute block times. This action is called a difficulty adjustment.
A high hash rate has historically been associated with stronger network security. However, Bitcoin’s difficulty adjustment and the resulting mining target also play a fundamental, though less direct, role. In other words, even if hash rate were to stagnate or decline, the cost of executing an attack could remain higher than the cost of honest participation.
Creating Global Competition
Hash rate is globally mobile and competitive, and the difficulty adjustment is the tool that regulates miner competition. By doing so, it ensures the cost to attack the network remains higher relative to the more efficient option: honest participation. It skews participant incentives to serve the network instead of exploiting or attacking it.
In a lower hash rate environment, the difficulty adjustment helps preserve economic alignment across participants. Even if an attacker were to gain 51% of the network’s hash rate, they would remain economically incentivized to participate honestly and capture the associated block rewards rather than undermine the system.
In practice, it is almost always more cost effective to participate honestly and benefit from a competitive advantage than incur the significant costs associated with an attack—including equipment, energy, and potential reputational or strategic consequences.
The market continuously recalibrates the cost of an attack by utilizing the difficulty adjustment.
Year 2040
Fast forward to 2040, when the block subsidy declines to 0.195 bitcoin. Applying 2026 miner economics to this scenario helps illustrate the core concern: Total fees would amount to roughly $2,000, while the subsidy would fall from $281,000 (3.125 BTC at $90,000 BTC) to $17,550 (0.195 BTC at $90,000 BTC). While it is unlikely that current conditions will persist unchanged into the future, this framing underpins much of the debate surrounding Bitcoin’s long-term security budget.
That said, the Fidelity Digital Assets® Research team does not believe that the exchange rate or transaction fees need to exponentially rise to sustain network security.
The main proponent of security lies within the multi-faceted equilibrium of all the different network participants. Each participant acts based on their own unique incentives, which may overlap—or be directly influenced by—the actions of others. In short, everyone reacts in real time to physical incentives, driven by external market forces and maintained by the difficulty adjustment. 
Put simply, Bitcoin’s security is not determined by any single participant or metric such as hash rate. It is derived from a global, relative cost function. In other words, an aggregation of cost-benefit analysis. Participants must continuously ask themselves, “Is it cost effective to mine given energy inputs? Are profit margins sufficient through subsidy or fees? Are Bitcoin’s core properties—such as censorship resistance and fixed supply—intact?”
This ongoing economic competition has historically anchored participation to the network. In turn, it raises the cost of an attack, as any adversary must compete directly with a globally distributed set of economically motivated participants.
The Year 2140
Fast forward another 100 years, the block subsidy is zero, and transaction fees are negligible. Has Bitcoin’s security completely vanished?
In the opinion of the Fidelity Digital Assets® Research team, we can look toward Bitcoin’s early days to answer this question. There is no guaranteed reward (block subsidy) from an attack. The reward is censorship, or double spending bitcoin, but the attack remains limited in scope.
Scenario A (2009–2010): Looking 100 years ahead, imagine bitcoin has no value, miners have exited the network, and the cost to attack is low. While an attack may be technically feasible in this environment, the economic incentive to carry it out remains limited.
An attacker could expend resources to outcompete any remaining hash—but to what end? The ability to censor transactions or double spend bitcoin offers little value if there are few participants willing to accept it.
This scenario closely resembles Bitcoin’s early days, when hash rate was low, awareness of the protocol was limited, and real-world usage was minimal. In practical terms, when Bitcoin is not valued, it is unlikely to be attacked.
While attacks may be more feasible under these conditions, they remain economically irrational.
Scenario B (2010–2019): Bitcoin’s value continues to grow, the network is widely used, and miners and other energy players join the network to capitalize on increasing profits. The difficulty continues to adjust upward, making the cost to attack higher than the cost to mine honestly. Due to seemingly ever-growing profits, hardware is hard to acquire, making an attack physically difficult.
An attacker is not incentivized to acquire a competitive advantage because there is no guaranteed reward. Unlike the earlier years of Bitcoin, blocks now only carry transaction fees.
Since a successful 51% attack is limited in scope and is relatively hard to produce, an attack remains economically irrational.
Scenario C (2019–2026): In this scenario, bitcoin retains value but remains highly volatile. Miners face compressed margins, making it difficult to scale profitability, leading some to exit the network while more efficient machines join.
As a result, efficiency-driven innovation becomes a strategic necessity. Hash rate is increasingly concentrated among participants able to optimize costs (e.g., heat capture, home mining, and stranded or wasted energy), alongside energy producers, and entities willing to mine at a loss to protect capital (e.g., at-home miners, banks, and nation states).3
The difficulty adjustment maintains competitive balance among these participants, while the fee market continues to adapt to changing demand. Even under these conditions, the cost of executing an attack remains higher than the cost of participating honestly through transaction fees.
Additionally, if there is demand for hash rate, it may be more cost efficient to rent out hash rate as a service or exit the system completely by selling existing hardware rather than attack it.
An attack is not economically rational.
Scenario D (Unprecedented): Lastly, bitcoin’s value stalls. In theory, if bitcoin’s exchange rate stalled at $100,000, the difficulty would also stall. This scenario assumes that the hash rate remains competitive, and the only increase in hash rate is due to increased efficiencies within the industry.
Put simply, there is no economic advantage to running hash rate at a loss. Pre-existing and new participants may choose to chase higher profit margins by upgrading devices to use less energy or simply produce more hashes with the same input costs. This could result in hash rate rising year-over-year as pre-existing hardware is upgraded to maintain the thin profit margins.
Otherwise, hash rate may stall or fall as miners choose to lower their input costs. While the increased profit margins due to efficiency gains still point to honest actors, any hash rate loss may present new profits somewhere else. Attacking the network would remain more expensive relative to honest participation.
An attack is not economically rational.
Conclusion
In every scenario where demand for Bitcoin exists, the difficulty adjustment continuously recalibrates the cost of an attack according to the needs of the network. These conditions are shaped by a range of market inputs, including hash rate, exchange rate, energy prices, hardware availability, and transaction fees. When the cost of attacking the network exceeds any alternative use of capital, energy, or hardware, such attacks remain economically irrational.
Without the difficulty adjustment, this balance would break. Declining hash rate would make mining prohibitively difficult, driving participants to exit and lowering the cost of an attack. Alternatively, if price appreciation were left unchecked without the difficulty adjustment, incentives could concentrate hash rate and undermine competition. In both cases, network security would deteriorate.
Instead, the difficulty adjustment preserves competitive equilibrium. It ensures that, regardless of whether hash rate is rising or falling, the relative cost of attacking the network remains higher than the cost of participating honestly.
For this reason, the Fidelity Digital Assets® Research team does not see Bitcoin’s issuance schedule as a sufficient basis for long-term security concerns. The network’s resilience is rooted in the independent, economically rational behavior of its participants—whose self-interest continues to reinforce censorship resistance and the immutability of the blockchain.
Connect with our team to discuss how Bitcoin’s evolving security dynamics may impact your portfolio.
1The Mempool Open Source Project, Block 840000, accessed April 12, 2026, https://mempool.space/block/0000000000000000000320283a032748cef8227873ff4872689bf23f1cda83a5
2Strike, What is the bitcoin supply schedule?, accessed April 11, 2026, https://strike.me/en/learn/what-is-the-bitcoin-supply-schedule.
3Github, Characterizing and Modeling Energy Flexibility..., published May 2026, https://github.com/dmrobotix/phd/blob/main/dissertation.pdf
The information herein was prepared by Fidelity Digital Assets, National Association (“FDA, NA”) and Fidelity Digital Assets, Ltd (“FDA, LTD”). It is for informational purposes only and is not intended to constitute a recommendation, investment advice of any kind, or an offer to buy or sell any asset. Perform your own research and consult a qualified advisor to see if digital assets are an appropriate investment option.
Digital assets are speculative and highly volatile, can become illiquid at any time, and are for investors with a high risk tolerance. Investors in digital assets could lose the entire value of their investment. Digital assets are not insured or guaranteed by the Federal Deposit Insurance Corporation, or any other government agency, and are not obligations of any bank.
Custody and trading of digital assets are provided by FDA, NA, which is a national trust bank. FDA, LTD relies on FDA, NA for these services. FDA, LTD is registered with the Financial Conduct Authority under the U.K.’s Money Laundering Regulations. The Financial Ombudsman Service and the Financial Services Compensation Scheme do not apply to the cryptoasset activities carried on by FDA, LTD.
To the extent this communication constitutes a financial promotion in the U.K., it is issued only to, or directed only at, persons who are: (i) investment professionals within the meaning of Article 19 of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (the "FPO"); (ii) high net worth companies and certain other entities falling within Article 49 of the FPO; and (iii) any other persons to whom it may lawfully be communicated.
This information is not intended for distribution to, or use by, anyone in any jurisdiction where such distribution would be contrary to local law or regulation. Persons accessing this information are required to inform themselves about and observe such restrictions.
FDA, NA and FDA, LTD do not provide tax, legal, investment, or accounting advice. This material is not intended to provide, and should not be relied on, for tax, legal, or accounting advice. Tax laws and regulations are complex and subject to change. You should consult your own tax, legal, and accounting advisors before engaging in any transaction.
Views expressed are as of the date indicated, based on the information available at that time, and may change based on market or other conditions. Unless otherwise noted, the opinions provided are those of the speaker or author and not necessarily those of Fidelity Digital Assets or its affiliates. Fidelity Digital Assets does not assume any duty to update any of the information.
Fidelity Digital Assets and the Fidelity Digital Assets logo are registered service marks of FMR LLC.
© 2026 FMR LLC. All rights reserved.