Miner Incentives & the Security Budget
A blockchain secured by proof of work is, at heart, an economic machine. Its security doesn’t come from a law or a firewall — it comes from the fact that rewriting history would cost more than it’s worth. To understand why that’s true, we have to follow the money: what miners spend, what they earn, and why the cheapest path to profit runs straight through honest behavior.
Miners spend real resources
Section titled “Miners spend real resources”Mining is not bookkeeping. A miner runs specialized hardware (ASICs) that guesses hashes trillions of times per second, burning electricity and depreciating expensive machines, all to find a block that satisfies the difficulty target. This expenditure is the whole point: it converts real-world cost into ledger security. Influence over the chain is rented from physics, not granted by an identity. (That’s the Sybil-resistance idea from Satoshi’s synthesis, seen from the money side.)
So why would anyone pay those bills? Because the protocol pays them back — in two ways.
The two revenue streams
Section titled “The two revenue streams”Every block a miner finds lets them collect a block reward, made of:
Block reward = Block subsidy + Transaction fees (newly minted BTC) (paid by the txs in the block) set by the halving bid by users for block space schedule, halves — see the fee market every 210,000 blocks- The subsidy is fresh BTC, created in the block’s special coinbase transaction. It started at 50 BTC and halves on schedule toward zero (see halving & issuance).
- The fees are paid by users competing for limited block space — the subject of the fee market page that follows.
Today the subsidy still dominates, but it is shrinking by design. That sets up the long-run question we’ll reach at the end.
Why honest mining is the most profitable strategy
Section titled “Why honest mining is the most profitable strategy”Here is the elegant part. A miner with a lot of hardware has, on paper, the power to attack the chain — to try to rewrite recent history (a “51% attack”). Why don’t they? Not because they can’t, but because it usually doesn’t pay.
Consider the choices facing a rational, profit-maximizing miner:
| Strategy | What it requires | What it earns |
|---|---|---|
| Mine honestly | Buy hardware, pay for power | Steady subsidy + fees, indefinitely |
| Attack the chain | Buy/redirect majority of hash power | Maybe one double-spend, then a ruined asset |
To attack, you must out-hash the entire honest network — an enormous, sustained, visible expenditure. And the prize is thin: you might reverse a payment or two before the network notices. Meanwhile, the act of attacking would shatter confidence in Bitcoin, crashing the price of the very asset you spent a fortune to acquire hardware for. You’d be torching your own revenue stream and your own balance sheet at once.
This is how miner incentives answer the textbook’s recurring question. How do untrusting strangers agree on one ledger? Because the participants with the most power to corrupt it are the ones with the most to lose from corrupting it. Self-interest and network security point the same way.
The “security budget”
Section titled “The “security budget””Put the two revenue streams together and you get a concept worth naming:
Security budget = the total reward miners earn per unit time = subsidy + fees.
The security budget is roughly the size of the bribe an attacker would have to beat to make dishonesty worthwhile. The more miners are collectively paid to play honest, the more hash power exists, and the more expensive any attack becomes. A large, well-funded honest majority is the fortress wall — and the security budget is what pays to build and man it.
Crucially, the budget is denominated in BTC but valued in purchasing power. A halving cuts the BTC subsidy in half, but if the price has more than doubled over that era, the security budget in dollar terms can still grow. Historically that’s roughly what happened. There is no guarantee it continues.
The long-run question: when the subsidy goes to zero
Section titled “The long-run question: when the subsidy goes to zero”The subsidy is engineered to vanish. By around the year 2140, new issuance effectively ends, and the block reward will consist of fees alone. This is Bitcoin’s most serious open economic question, and an honest textbook flags it plainly:
- Will fees be enough? If the security budget shrinks, so does the cost of attacking. A network that’s cheap to attack is a network whose ledger strangers have less reason to trust.
- Where do fees come from? From demand for block space. That demand might come from ordinary on-chain payments, from settlement of higher layers, or from uses we can’t yet predict — but it has to be enough, and reliably so.
- The supply of space is fixed (about 4 million weight units per block), so the only lever is price — how much users will bid. Whether that produces a security budget large enough, decades out, is genuinely unknown.
The next page studies the other half of that future revenue directly: how block space gets priced in the fee market.
The architect’s lens
Section titled “The architect’s lens”The security budget is a deliberate economic design — worth the five questions:
- Why does it exist? To pay the honest majority enough that attacking is irrational — the budget (subsidy + fees) is the bribe an attacker must beat, converting real-world cost (electricity, ASICs) into ledger security rented from physics, not granted by identity.
- What problem does it solve? Aligning the people with the most power to corrupt the ledger with the most to lose from it: a rational miner earns more pointing hardware at honest mining than at a 51% attack that craters the asset they’re invested in.
- What are the trade-offs? The subsidy is engineered to vanish (~2140), so security must eventually rest on fees alone — and whether fee demand for fixed ~4M weight units reliably clears at a high-enough price a century out is genuinely unknown (don’t claim it’s obviously fine or doomed).
- When should I avoid it? A PoW security budget is the wrong model where you don’t need permissionless Sybil resistance — a staked or permissioned system reaches agreement without paying a perpetual real-resource subsidy.
- What breaks if I remove it? With no reward, no one burns resources to mine, hash power collapses, and the cost of rewriting history falls toward zero — the fortress wall is unmanned and the ledger becomes cheap to attack.
Check your understanding
Section titled “Check your understanding”- What two components make up a miner’s block reward, and which one is engineered to disappear?
- A miner has enough hardware to attack the chain. Give two distinct reasons a rational miner still mines honestly instead.
- Define the “security budget” and explain why a larger one means a more expensive attack.
- Why can the security budget in dollar terms grow even though the BTC subsidy is being halved?
- State, without exaggerating in either direction, the long-run risk in the subsidy-to-fees transition.
Show answers
- The block subsidy (newly minted BTC from the coinbase, started at 50 BTC, halving every 210,000 blocks) and transaction fees (bid by users for block space). The subsidy is the one engineered to disappear, shrinking toward zero.
- (a) It’s expensive: attacking means out-hashing the entire honest network — an enormous, sustained, visible expenditure — for a thin prize of maybe one or two reversed payments. (b) It’s self-defeating: the attack would shatter confidence and crash the price of the very asset they spent a fortune on hardware to acquire, torching their own revenue stream and balance sheet at once.
- The security budget = total reward miners earn per unit time = subsidy + fees. A larger budget funds more honest hash power, and since an attacker must out-spend that honest majority, more hash power makes any attack more expensive — it’s the bribe an attacker has to beat, and the wall that pays to build itself.
- Because the budget is denominated in BTC but valued in purchasing power. A halving cuts the BTC subsidy in half, but if the price has more than doubled over that era, the dollar-value security budget can still grow — roughly what has happened historically, though with no guarantee it continues.
- Around 2140 issuance effectively ends and the reward becomes fees alone; if fees don’t sustain a large enough security budget, attacks get cheaper and the ledger becomes less trustworthy. Whether fee demand for fixed block space (~4M weight units) will reliably clear at a high-enough price a century out is genuinely unknown — don’t claim it’s obviously fine or obviously doomed.