When Miners and Validators Go Rogue: Some Bad Cases

Written by obyte | Published 2025/11/04
Tech Story Tags: crypto-mining | crypto-staking | 51-percent-attack | crypto-attacks | steemit | obyte | ethereum-classic | good-company

TLDRMost distributed ledgers have some middlemen, especially as miners and “validators,” and they can go rogue, sometimes. This means they can do a certain number of things against freedom and fairness, including double-spending funds or completely destroying a network, in the worst scenarios. via the TL;DR App

Crypto networks promote themselves as decentralized, and in our heads, that could be equated to unstoppable, uncensorable, and free (as in freedom). However, that’s not always the case. In reality, most distributed ledgers have some middlemen, especially as miners and “validators,” and they can go rogue, sometimes. This means they can do a certain number of things against freedom and fairness, including double-spending funds or completely destroying a network, in the worst scenarios.

It’s not always that miners and “validators” act in bad faith, as they are rewarded to benefit the entire network and/or punished if they act maliciously. But it can happen, because the system, if it’s designed like that, obeys the majority of them. Let’s see how this would work, and some bad cases we’ve already seen in the past.

What Going Rogue Looks Like

To understand what “going rogue” means, you need a quick refresher on how different chains secure themselves. In Proof-of-Work (PoW) networks like Bitcoin or Zcash, miners compete by solving complex math puzzles. The winner adds a new block of transactions to the chain and gets rewarded. This process keeps the network honest, but it has a catch: if someone controls more than half the total mining power, they can reorganize blocks, double-spend, or censor transactions. That’s what’s called a 51% attack.

Smaller networks are more at risk because their total hash power is lower, so renting or aggregating enough computing power becomes affordable. Some of the smaller chains around can be attacked for even $0 per hour, whereas attacking Bitcoin costs millions because its mining power is huge.

Proof-of-Stake (PoS) chains, like Ethereum and Solana, replace miners with “validators” (in reality — approvers, as they have the power to reject perfectly valid transactions). Instead of burning electricity on puzzles, validators “stake” their tokens for the right to confirm transactions.

The more tokens you stake, the more influence you have. This saves energy, but it introduces a new problem: if big players control enough stake, they can collude to censor or stall the network, or just individual transactions that they or their governments don’t like. And since validators are often concentrated in certain providers or exchanges, power can end up in fewer hands than you’d expect.

Operational failures, bugs, or centralized control of validator nodes also count. For you, as an average user, that means even when you use a chain that’s supposed to be validator-run, its security depends heavily on how decentralized, transparent, and independent the validators are.

Bitcoin Gold

The first bad case of our list is here. Bitcoin Gold (BTG) was born to give GPU miners a chance instead of limiting rewards to ASIC miners. In other words, it removed the need to invest in costly hardware just to mine coins. That looked fair. But fairness didn’t protect it.

In 2018 and 2020, Bitcoin Gold was hit by 51% attacks where malicious miners rented hash power, took control, reorganized blocks (diverted coins), and double-spent coins. Exchanges lost funds; users who believed their transactions were final woke up to vanishings. Because the network had relatively low hash power, attackers could mount such attacks at modest cost compared to the stakes involved.

That exposed the risk smaller PoW networks face: when computing power or its cost is low, damage becomes affordable for bad actors. Participating in or holding such coins means accepting longer confirmation waits, risk of loss, or checking whether the network has enough economic weight to deter attacks.

Ethereum Classic

Ethereum Classic (ETC) went from being a philosophical experiment in “code is law” to being tested seriously by hostile actors between 2019 and 2020. It suffered multiple 51% attacks, with malicious miners reorganizing thousands of blocks and double-spending millions of dollars worth of ETC. In 2020, the attacker reportedly moved about 807,260 ETC (around $5.6 million) using rented hash power from NiceHash, then used that control to reverse blocks and redirect funds through accounts under their control.

Exchanges and services were hit hard. Some halted withdrawals and deposits, raised the number of confirmations required, and froze operations. Developers and the ETC team reacted by proposing multiple countermeasures. These included defensive mining cooperation to keep hash power stable, monitoring tools, proposals to limit how deep reorganizations could go (“reorg caps”), and pushing for community and exchange participation in securing the chain.

ETC was a reminder for all of us that even long-running chains with real users and devs can suffer serious trust-breaking events if hash power drops, attackers rent power, or exchanges don’t enforce long confirmation windows. Luckily, they solved this issue by implementing a modified version of their consensus algorithm, boosting security against 51% attacks. Since then, its hashrate has been steadily increasing.

Steem vs Hive

Back in 2020, one of the most dramatic crypto showdowns unfolded between the Steem community and Justin Sun. Sun, known for running the Tron network, bought Steemit Inc., the company that had developed the Steem blockchain’s main platform. What seemed like a lifeline for the struggling company quickly turned sour for the wider community.

The conflict erupted over the so-called “ninja-mined stake,” a massive stash of tokens meant for Steem’s development. Steem users voted to freeze it then, fearing Sun would use it for personal profit. Sun fired back, accusing them of “hacking” his legally owned property. Things escalated fast. Sun allegedly rallied exchanges like Binance and Huobi, which used customer deposits to vote out Steem’s original witnesses. With Sun’s validators in full control, community members saw it as a blatant hostile takeover, proof that Delegated Proof-of-Stake (the consensus algorithm used by Steem) could be gamed when a few big players teamed up.

The community refused to back down. On March 20, 2020, they cloned the network into Hive, offering a 1:1 balance to Steem holders, but excluding the ninja-mined stake now in Sun's hands. A big part of the former Steemit community moved to this new chain.

Tornado Cash (and Ethereum)

When Tornado Cash was sanctioned by the U.S. government in 2022, it exposed how fragile Ethereum’s decentralization could be. The privacy mixer’s founders were accused of enabling money laundering, but the bigger shock came when some Ethereum “validators” began refusing Tornado Cash transactions.

“Validators” are supposed to create blocks (that’s why the quotes — they are doing more than just validating that the transactions follow the network’s rules) and keep the network neutral, yet many chose to censor. What began as a legal issue quickly turned into a test of how much outside pressure Ethereum could handle without betraying its ideals of openness and neutrality.

Ethereum’s structure gives builders, relayers, and proposers the power to decide what gets processed. Once the OFAC blacklist appeared, about half of “validators” started avoiding Tornado Cash activity while still building on blocks that included it. That fragile balance keeps the network running, but it shows how dependent Ethereum has become on regulated intermediaries.

If “validators” stop building on those blocks entirely, Tornado Cash could vanish from Ethereum. It’s a warning that real decentralization can’t depend on middlemen who choose which transactions deserve to exist.\

Beyond Miners and Validators

So, where does that leave us? If miners can overpower small proof-of-work chains and “validators” can team up or be manipulated by big players, is there any safer ground? Some networks are experimenting with approaches that don’t rely on miners or “validators” at all.

Obyte is one of them. Instead of a blockchain, it uses a Directed Acyclic Graph (DAG) model and Order Providers (OPs) rather than miners or “validator” committees dominating block production. Transactions are confirmed through node participation in the DAG, not through major middlemen pulling levers of power. That means only users are in charge of adding their own transactions, and once added, they can’t be modified or deleted by anyone.

Meanwhile, OPs only issue waypoints to order transactions, and they don’t hold any other power to control the network. A set of twelve public and reputable OPs can be voted on-chain by GBYTE holders and even be replaced by voters at any given moment. This way, the network is truly in the hands of the community, and the risk of a hostile takeover is minimal.

Remember: when you choose networks to trust or transact on, check how governance works, who controls token-stake or voting power, past conflicts among validators, and whether alternatives might serve you better.

Featured Vector Image by Freepik


Written by obyte | A ledger without middlemen
Published by HackerNoon on 2025/11/04
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy