Hard Guarantees #5: Confidence In Block Confirmation Security

Would you ship $1 million worth of goods for a Bitcoin payment? And what if the sender was the Chinese government… trying to take it back?

This is the risk behind a double-spend attack. It's a trick where someone sends you Bitcoin, waits until you deliver, then secretly rewrites history to erase the payment.

Bitcoin defends against this using Proof of Work. It’s not just internet money. It’s digital trust. The longer you wait, the harder it is to undo a transaction.

The standard rule? Wait 6 confirmations (about 1 hour).

But is that really enough when the stakes are sky high?

Let’s run the numbers.

Scenario:

$1M payment

25% of global hashpower controlled by attacker (e.g., state actor)

6 confirmations wait time

Attacker gives up after falling 15 blocks behind

Assumptions:

Block reward = 3.125 BTC ≈ $312.5k

Only cost considered: lost block rewards

Success probability: 5% (Satoshi’s estimate)

Model output (Markov chain):

Failed attack = 18 honest blocks → $1.4M in lost rewards

Successful attack = 6.3 attacker blocks → $2.97M in gains

Expected loss = –$1.33M

Expected gain = +$148k

Net expected return = –$1.18M

The result? Even nation-states would lose money trying to double-spend you.

That’s not just security. That’s leverage.

Would your payment rails stand up to this kind of math?

Or are you still settling for chargebacks and credit risk?