Cryptocurrencies have gained popularity due to their transparency, security, and accessibility compared to traditional financial systems, with Bitcoin, introduced in 2009, leading the market. Bitcoin's security relies on blockchain technology - a decentralized ledger consisting of a consensus and an incentive mechanism. The consensus mechanism, Proof of Work (PoW), requires miners to solve difficult cryptographic puzzles to add new blocks, while the incentive mechanism rewards them with newly minted bitcoins. However, as Bitcoin's acceptance grows, it faces increasing threats from attacks targeting these mechanisms, such as selfish mining, double-spending, and block withholding. These attacks compromise security, efficiency, and reward distribution. Recent research shows that these attacks can be combined with each other or with either malicious strategies, such as network-layer attacks, or non-malicious strategies, like honest mining. These combinations lead to more sophisticated attacks, increasing the attacker's success rates and profitability. Therefore, understanding and evaluating these attacks is essential for developing effective countermeasures and ensuring long-term security. This paper begins by examining individual attacks executed in isolation and their profitability. It then explores how combining these attacks with each other or with other malicious and non-malicious strategies can enhance their overall effectiveness and profitability. The analysis further explores how the deployment of attacks such as selfish mining and block withholding by multiple competing mining pools against each other impacts their economic returns. Lastly, a set of design guidelines is provided, outlining areas future work should focus on to prevent or mitigate the identified threats.