Pooled mining has become the most popular mining approach in the Bitcoin system, which can effectively reduce the variance of the block generation reward of participants. The security of pooled mining depends on whether it is incentive compatible, that is, an honest participant will get a reward proportional to hiswork. Recent attacks on mining pools, for example, Block Withholding, Fork After Withholding, and Power Adjusting Withholding (PAW) attacks, show that malicious participants may undermine the revenue of the honest pools and receive an unfair share of the mining reward. This paper shows that the security of Bitcoin is even worse than what the recent attacks demonstrated. We describe an attack called Fork Withholding Attack under a Protection Racket (FWAP), in which the mining pool pays the attacker for withholding a fork. Our insight is that the mining pools under forking attacks have incentives to pay in exchange for not being forked. The attacker and the paying pool negotiate how much to be paid, and we show that it is possible for both the attacker and the paying pool to earn higher rewards at the expense of the other pools. In particular, our formal analysis and simulation demonstrate that the payer and the FWAP attacker can get up to 1.8x and 3.8x of extra reward as in PAW, respectively. Furthermore, FWAP can escape from the "miners' dilemma" when two FWAP attackers attack each other under some circumstances. We also propose simple approaches that serve as the first step towards preventing the FWAP attack.
