A small group of Bitcoin Core developers did something that hardly anyone outside of their circle noticed on a Wednesday morning in early April, while the majority of the cryptocurrency community was occupied with watching price charts and debating ETF flows. They intentionally broke Bitcoin. Signet is the test network where the protocol’s quiet concerns are voiced before they ever make it to the mainnet—not the real one, of course. The term “attack blocks,” which was used to describe the demonstration, has an odd connotation. Although it sounds like something from a thriller, the actual situation was more akin to a controlled burn.
To put it simply, the plan was to mine blocks that were so purposefully awkward and loaded with computational baggage that regular nodes would be unable to verify them. A Signet node could be set up by anyone with an extra laptop and enough storage, and verification times would increase from milliseconds to excruciatingly longer. It wasn’t the worst. By refusing to provide a recipe to anyone who might wish to use it, the developers purposefully withheld the most malicious version of the attack. However, the point could be made even with the diluted version.
As this develops, there seems to be a change in the way Bitcoin’s stewards discuss risk. Because Bitcoin has the longest chain, the highest hash rate, and the most expensive network to attack, the prevailing narrative surrounding its security has been one of quiet confidence for years. The discussion has mostly shifted to exotic threats like quantum computing or stablecoin contagion because estimates still place the cost of a significant 51% attack on Bitcoin somewhere above six billion dollars. The attack blocks demonstration serves as a reminder that the earlier concerns remain relevant. All they’ve done is wait.
The proposal at the heart of it all, BIP 54, is a component of what developers have come to refer to as the Great Consensus Cleanup. It’s an unglamorous name for unglamorous work: patching four serious consensus flaws that have persisted in the codebase for years, in part because doing so necessitates the kind of meticulous coordination that Bitcoin’s culture both demands and opposes. Anyone who has watched the SegWit battle or the Taproot upgrade can attest to how slowly things progress when no one is in control. Usually, this slowness is presented as a feature. There are moments when it seems more like a different kind of vulnerability.
It’s difficult to ignore the timing. The attack blocks demonstration coincided with new warnings about quantum computing. According to Glassnode, over six million bitcoin, valued at almost $500 billion, are stored in addresses with exposed public keys, making them potentially vulnerable the day a sufficiently powerful quantum machine is delivered. Samson Mow has been cautioning that if a post-quantum upgrade is rushed, new bugs may be introduced before the threat even materializes. In the meantime, two billion dollars in funding for quantum companies was just announced by the US government. Bitcoin’s defenders are juggling the growing threats in slow motion.
The Signet exercise was unique because it wasn’t conducted in private. Participants were invited to watch logs, spin up nodes, and assemble a terminal-based graphical user interface (GUI) created especially for the event by AJ Towns. That transparency seems almost antiquated, more akin to an open-source ritual than a security disclosure. It could be interpreted as confidence. It could also be interpreted as developers making a concerted effort to ensure that common holders are aware of the risks before BIP 54 is put to a vote.
The larger scholarly picture doesn’t exactly calm anxiety. Eighty percent of successful 51% attacks between 2018 and 2024 targeted networks in their first two or three years, according to recent research on emerging blockchains. Clearly, Bitcoin is not in its infancy. However, the majority hash rate is not the issue with attack blocks; rather, it is a flaw in the rules themselves, the kind of flaw that is unaffected by the size of the network. It’s not fixed by size. Patching is the only way. It’s still unclear if BIP 54 lands cleanly. It’s time to clean up. And so is the dialogue.