Hash Power and the Limits of Law
What happens when two superpowers each control half of Bitcoin’s mining — and have no way to hold each other accountable?
As of March 2026, the BTC network’s hash power is split almost evenly between two countries that cannot cooperate on law enforcement. U.S.-linked mining pools account for roughly 42% of the total hash rate. Chinese-linked pools account for roughly 53%. The remaining 5% is scattered across Czech operators and pools of unknown nationality.
I say “linked” deliberately. Pool-distribution dashboards report pool identity, not legal domicile. Assigning a pool to a country requires examining operator disclosures, incorporation records, management location, and operational nexus. Some assignments are easy — Foundry USA is a Delaware subsidiary of Digital Currency Group. Others are harder — Binance Pool is operated by an entity with a complex multi-jurisdictional structure, and F2Pool was founded in Beijing but operates globally. The classifications used in my research are my own, based on the best available evidence, and I flag the ambiguous cases explicitly.
One thing that surprises people: Chinese mining pools account for over 52% of global hash rate despite China’s 2021 mining ban. That ban, jointly issued by ten PRC ministries in September 2021, classified cryptocurrency mining as an industry to be eliminated. It triggered massive hash-rate migration — much of it to the United States, which is how Foundry USA grew to over 31%. But the ban targeted physical mining operations in China, not the pool coordination software. Chinese pool operators relocated their Stratum servers, redomiciled their holding companies, and continued operating. The hash power that mines through Chinese-operated pools is now geographically distributed, but the pool coordination — the entity that decides which transactions go into blocks and which chain to build on — remains under Chinese corporate control.
That is not a technical curiosity. It is a jurisdictional crisis hiding in plain sight.
The U.S. side is dominated by a single player: Foundry USA, a subsidiary of Digital Currency Group, accounts for over 31% of global hash rate on its own. MARA Pool (formerly Marathon Digital) adds another 5.7%. On the Chinese side, the distribution is more fragmented — AntPool (Bitmain) at 15.7%, F2Pool at 11.3%, ViaBTC at 9.5%, and SpiderPool at 8.8% — but the aggregate is larger. And critically, the combined Chinese pool share of 52.84% is sufficient in principle, if coordinated as a stable coalition, to execute a majority attack against the network.
If a Chinese mining pool launched a majority attack against the BTC network — reorganising the chain to enable double-spend fraud against American exchanges, or systematically censoring transactions from U.S. wallets — the United States would have no practical way to prosecute, sue, or extradite the people responsible. Criminal charges could be filed. Civil suits could be brought. But none of it would matter, because the legal machinery that connects American courts to Chinese defendants is broken at every level.
I have spent the past several months mapping exactly where it breaks, and what the United States can actually do about it. The answer is not what most people expect.
The three-layer enforcement gap
The gap between the two countries operates on three separate levels, each of which fails independently.
Criminal jurisdiction exists on paper. The Computer Fraud and Abuse Act gives U.S. prosecutors extraterritorial reach over anyone who attacks a “protected computer” — which includes any computer connected to the internet. Wire fraud statutes cover cross-border schemes using electronic communication. The International Emergency Economic Powers Act gives the President broad authority to block assets and prohibit transactions with foreign adversaries. The legal theories are all there.
But theories are not enforcement. The United States has no extradition treaty with China. None. This is not an oversight — it reflects a fundamental structural disagreement between the two legal systems about sovereignty, judicial independence, and the proper scope of criminal law. The bilateral Mutual Legal Assistance Treaty, signed in 2000, gives China complete discretion to refuse any request that it considers harmful to its “sovereignty, security, or public interest” (损害中华人民共和国的主权、安全或者社会公共利益). In practice, Chinese authorities have provided meaningful cooperation in cybercrime cases only when the conduct also harmed Chinese interests. When the conduct serves Chinese strategic goals — or is simply not a Chinese enforcement priority — the MLAT is a dead letter.
The U.S. Department of Justice has tried to work around this. The PLA Unit 61398 indictments in 2014 — five Chinese military officers charged with economic espionage — were a message, not a prosecution. No one was arrested. The more recent pattern is third-country arrests: wait for a Chinese suspect to travel to a jurisdiction with a U.S. extradition treaty, then arrest them there. This works for individuals. It does not work for mining-pool infrastructure that never leaves Chinese territory.
The contrast with other countries is stark. For most of America’s treaty partners, a federal indictment can be followed by extradition. The Budapest Convention on Cybercrime provides a cooperative framework among its eighty-plus parties. If a British operator ran a hostile pool, the UK’s Computer Misuse Act, the European Arrest Warrant, and the U.S.-UK extradition treaty would all apply. For China, none of those instruments exist.
Civil enforcement is blocked by Chinese law. Even if you could get a U.S. court to assert jurisdiction over a Chinese pool operator — which is legally plausible under effects-based personal jurisdiction, especially where the pool actively targets U.S. miners and processes payouts through U.S.-regulated exchanges — you could not serve process through the Hague Service Convention in less than six months to two years. You could not gather evidence, because Article 36 of China’s Data Security Law (数据安全法) flatly prohibits any organisation or individual within China from providing domestically stored data to foreign judicial or law enforcement bodies without Chinese government approval (非经中华人民共和国主管机关批准,境内的组织、个人不得向外国司法或者执法机关提供存储于中华人民共和国境内的数据). You could not enforce a judgment, because China does not recognise or enforce U.S. civil judgments on a reciprocal basis.
The evidentiary problem deserves particular attention. BTC’s blockchain is public, which means everyone can see that a chain reorganisation happened. But seeing that a reorganisation happened is not the same as proving that specific pool operators coordinated to cause it. A majority attack requires coalition coordination — multiple pools acting in concert. The blockchain records which pool found each block, but it does not record whether pool operators communicated to coordinate a reorg. It does not record who gave the instruction to build on a competing fork. Attribution in the legal sense — proof sufficient for a conviction or a civil judgment — requires server logs, internal communications, financial flow analysis, and testimony. All of which are in China, behind Article 36, inside corporate structures that may involve Cayman Islands holding companies, VIE (variable interest entity) arrangements, and opaque beneficial ownership chains.
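The limit of what the public chain can prove, shown as an added example (not part of the original article or the underlying paper): a replay of a block observation log that reports the fork point, reorg depth, and which pool tags mined each branch. The block identifiers, pool labels and observation order are constructed, and height is used as a stand-in for cumulative chainwork.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Block:
    bhash: str
    prev: str
    height: int
    pool: str  # self-declared coinbase tag (constructed labels below)

@dataclass
class Reorg:
    fork_point: str
    depth: int
    orphaned: list  # (hash, pool) pairs on the abandoned branch, tip first
    adopted: list   # (hash, pool) pairs on the winning branch, tip first

def ancestors(index, tip):
    """Hashes from tip back to the oldest block the observer has seen."""
    chain = []
    while tip in index:
        chain.append(tip)
        tip = index[tip].prev
    return chain

def detect_reorgs(observed):
    """Replay blocks in arrival order; report each switch of best chain.
    Height stands in for chainwork; parents arrive before children."""
    index, tip, reorgs = {}, None, []
    for blk in observed:
        index[blk.bhash] = blk
        if tip is None or blk.prev == tip:
            tip = blk.bhash                 # ordinary extension
            continue
        if blk.height <= index[tip].height:
            continue                        # side branch, not yet longer
        old, new = ancestors(index, tip), ancestors(index, blk.bhash)
        fork = next((h for h in new if h in old), None)
        if fork is not None and fork != tip:
            gone, won = old[:old.index(fork)], new[:new.index(fork)]
            tag = lambda hs: [(h, index[h].pool) for h in hs]
            reorgs.append(Reorg(fork, len(gone), tag(gone), tag(won)))
        tip = blk.bhash
    return reorgs

def pools_on(branch):
    """Count blocks per declared pool tag on one side of a fork."""
    return Counter(pool for _, pool in branch)

# Constructed observation log: (hash, prev, height, pool tag).
OBSERVED = [Block(*row) for row in [
    ("g100", "g099", 100, "pool-A"),
    ("a101", "g100", 101, "pool-B"),
    ("a102", "a101", 102, "pool-A"),
    ("b102", "a101", 102, "pool-C"),   # competing block at the same height
    ("a103", "a102", 103, "pool-B"),
    ("b103", "b102", 103, "pool-D"),
    ("b104", "b103", 104, "pool-C"),   # competing branch becomes longest
]]

if __name__ == "__main__":
    for r in detect_reorgs(OBSERVED):
        print(r.fork_point, r.depth, pools_on(r.orphaned), pools_on(r.adopted))
```

The output names the branch, its depth and the tags on each side; nothing in it distinguishes a coordinated reorg from pools that independently happened to build on the same fork.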
The third layer is where it gets interesting. If criminal prosecution is largely formal and civil enforcement is blocked, what enforcement instrument does the United States actually have?
The answer is infrastructure.
The infrastructure thesis
A BTC mining pool is not a self-contained operation. It depends on a stack of internet infrastructure that extends far beyond Chinese territory.
The pool operator runs Stratum servers whose domain names must be resolvable through the global DNS. Miners around the world must be able to route traffic to those servers over the interdomain network. Newly mined blocks must propagate quickly through relay networks — specialist overlay systems like the Falcon Network (developed at Cornell) and FIBRE — to avoid being orphaned by competing blocks. Payouts depend on exchange connectivity. Dashboards and APIs depend on cloud hosting.
Important portions of that infrastructure are tied to institutions within or aligned with the United States.
The DNS root zone is maintained by Verisign under the Root Zone Maintainer Agreement with ICANN, both U.S.-incorporated entities. The .com and .net registries are operated by Verisign in Virginia. The major relay networks are operated by U.S.-based or U.S.-affiliated institutions. Major cloud providers, exchanges, and transit networks are U.S.-headquartered and subject to U.S. sanctions compliance.
This creates an asymmetry that is directional, not absolute. Chinese pools need outward connectivity through U.S.-influenced infrastructure layers to compete for global hash share. Their blocks must reach the rest of the network quickly — within seconds — or they risk being orphaned by competing blocks discovered at the same time. That requires passing through chokepoints where the United States has leverage. U.S. pools do not depend on Chinese infrastructure in the same way. The Great Firewall gives China formidable control over inbound connectivity and substantial retaliatory capacity through domestic routing controls. But the external-facing dependency is asymmetric: Chinese pools need the global internet more than U.S. pools need the Chinese internet.
To understand what enforcement through infrastructure actually looks like, consider a concrete scenario.
The enforcement sequence, in a serious case, would look something like this. The Department of Justice obtains indictments against identified pool operators. The Treasury Department’s Office of Foreign Assets Control designates the pool entities under IEEPA-authorised cyber sanctions, which triggers mandatory compliance by every U.S.-connected service provider. Domain registrars seize or suspend the pool’s .com domains. Cloud providers, exchanges, and payment processors terminate service. The pool’s access to major relay networks is severed — either by operator policy or by OFAC compliance obligation. In the most contingent scenario, coordinated BGP prefix filtering by major transit providers could degrade the pool’s IP-layer reachability.
The cumulative effect is not the arrest of anyone. It is the progressive degradation of a hostile pool’s operational efficiency. Propagation delays increase. Orphan risk rises. Profitability drops. Miners, who are economically rational, migrate to competing pools. The pool’s effective hash share declines even though the physical hardware in China has not changed.
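A first-order model of that degradation chain, as an added example that is not the article's or the paper's own enforcement-sequence model: it turns a propagation delay into an orphan probability and then into the share of blocks a pool actually keeps. It assumes Poisson block discovery at a 600-second mean, that a delayed block always loses once a rival block exists (the `lose_race` parameter), and a constructed pool with 15% of hash rate.

```python
import math

BLOCK_INTERVAL_S = 600.0  # Bitcoin's target mean time between blocks

def orphan_probability(share, delay_s, lose_race=1.0):
    """Chance a pool's block is orphaned when it needs delay_s seconds to
    reach the rest of the network, which holds (1 - share) of hash rate.

    Block discovery is modelled as a Poisson process; lose_race is the
    assumed probability that the delayed block loses once a rival exists.
    """
    rival_rate = (1.0 - share) / BLOCK_INTERVAL_S
    return lose_race * (1.0 - math.exp(-rival_rate * delay_s))

def effective_shares(pools, lose_race=1.0):
    """pools maps name -> (hash share, propagation delay in seconds).
    Returns each pool's share of blocks that stay in the best chain."""
    kept = {name: share * (1.0 - orphan_probability(share, delay, lose_race))
            for name, (share, delay) in pools.items()}
    total = sum(kept.values())
    return {name: value / total for name, value in kept.items()}

def degradation_table(share, delays_s):
    """Orphan probability and retained block share for one pool as its
    propagation delay grows while everyone else stays at 1 second."""
    rows = []
    for delay in delays_s:
        shares = effective_shares({"pool-X": (share, delay),
                                   "rest": (1.0 - share, 1.0)})
        rows.append((delay, orphan_probability(share, delay), shares["pool-X"]))
    return rows

if __name__ == "__main__":
    # Constructed scenario: a pool with 15% of hash rate, delays in seconds.
    for delay, p_orphan, kept in degradation_table(0.15, [1, 10, 60]):
        print(f"{delay:>3}s  orphan={p_orphan:.4f}  effective share={kept:.4f}")
```

In this model a one-minute delay costs the constructed pool roughly 8% of its blocks, which is the margin on which miners decide whether to stay or migrate.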
This is not hypothetical in the sense of being unprecedented. The U.S. has used exactly this playbook — indictment, OFAC designation, domain seizure, service termination — against the Gameover Zeus botnet, against Iranian financial institutions, and against Russian ransomware operators. The novel question is whether it can be applied to mining pools, where the target is not a criminal server but a participant in a decentralised protocol.
China’s side of the equation
China is not passive in this analysis. Chinese criminal law — Articles 285 through 287 of the PRC Criminal Law (中华人民共和国刑法) — criminalises illegal intrusion into computer systems, interference with computer functions, and the creation of destructive programs. China claims jurisdiction over cybercrime under all four recognised bases: territorial, personal, protective, and universal. In theory, China could prosecute its own pool operators for attacks on foreign infrastructure.
In practice, whether China exercises that jurisdiction against conduct directed outward is a political question. China’s Anti-Foreign Sanctions Law (反外国制裁法), enacted in 2021 and strengthened by implementing regulations in March 2025, authorises countermeasures against foreign discriminatory restrictive measures and prohibits Chinese organisations from complying with foreign sanctions. If the United States designated Chinese mining pools under OFAC sanctions and seized their domains, Beijing would almost certainly treat that as an extraterritorial overreach to be resisted — not as a legitimate enforcement action to be supported.
The Ministry of Foreign Affairs published a report in February 2023 explicitly criticising U.S. “long-arm jurisdiction” (美国的长臂管辖及其危害). Infrastructure enforcement against Chinese mining pools would fit squarely within that critique. The likely Chinese response would be retaliatory rather than cooperative — further restricting data sharing, tightening the Great Firewall around mining-related traffic, and potentially invoking Anti-Foreign Sanctions Law countermeasures against any Chinese intermediary that complied with U.S. enforcement demands.
Why this matters — and what it does not mean
Three things need to be clear about this argument.
First, this is not a claim that the United States “controls the internet” or can shut down BTC mining at will. It is a claim that the United States and its allies possess meaningful chokepoint influence — concentrated in DNS, hosting, relay, and transit layers — that is sufficient to impose serious operational costs on a hostile mining pool. That is a narrower and more defensible proposition than internet sovereignty, and it is the one the evidence supports.
Second, not all hostile mining conduct is unlawful. The BTC protocol is, by design, permissionless. Selfish mining — withholding blocks to gain a strategic advantage — is aggressive but falls within the protocol’s design assumptions. Transaction-fee sniping and block-withholding strategies are economically rational behaviours that the protocol anticipated and tolerates. The enforcement gap described here applies specifically to conduct that crosses the line into fraud, theft, or intentional disruption: double-spend attacks linked to financial fraud, deliberate service disruption analogous to a denial-of-service attack, or coordinated transaction censorship targeting identifiable victims. The distinction matters because one of the most dangerous things the law could do is criminalise protocol-native behaviour simply because it is competitive. The protocol must be allowed to function on its own terms. The law’s role is to address conduct that uses the protocol as an instrument for conventional crimes.
Third, the infrastructure lever cuts both ways. China has substantial retaliatory capacity through the Great Firewall, domestic routing controls, and regulatory authority over PRC-facing international connectivity. An infrastructure confrontation over mining pools would not be costless for the United States. The argument is that the directional asymmetry favours the U.S. in external reach, not that the U.S. is immune from Chinese counter-action.
The international law dimension
The legal classification of this conflict is itself contested, and the answer matters for how the international community should respond.
If a Chinese mining pool launches a majority attack against the BTC network, causing financial losses to American counterparties, is that a state cyber operation under international law? A private act of transnational economic coercion? Simple fraud with cross-border characteristics?
The answer depends on attribution. If the pool operates independently of the Chinese government — as most commercial mining pools do — the conduct is presumptively private. It is best classified as transnational economic coercion or cyber-enabled fraud, not a state cyber operation under the ILC Articles on State Responsibility. Responsive U.S. infrastructure action is then best analysed as domestic law enforcement or retorsion (an unfriendly but lawful act that does not violate any international obligation), not as countermeasures requiring prior breach and proportionality under the law of state responsibility.
If, however, the pool is acting under PRC government direction or control — a factual question governed by the attribution standards in the ILC Articles — then the conduct may engage state-to-state obligations, and the legal framework shifts to the Tallinn Manual analysis of state-on-state cyber operations. The distinction between state and non-state conduct is not merely academic: it determines whether the responding state is constrained by the proportionality and necessity requirements of countermeasures law, or whether it may act within the broader discretion afforded by retorsion and domestic enforcement authority.
The practical difficulty is that the attribution question will rarely be cleanly resolved before the enforcement decision must be made. Intelligence assessments may suggest state involvement. Diplomatic channels may be silent or misleading. The pool’s corporate structure may obscure beneficial ownership through Cayman Islands intermediaries and VIE arrangements. And the political pressure to respond quickly — before a majority attack causes irreversible financial harm — will not wait for a legal classification to be formally established.
That is precisely the gap the article identifies: the formal legal classification depends on facts that the legal framework itself cannot reliably establish in the time frame that enforcement requires.
Policy recommendations
The paper proposes three concrete measures.
First, the United States should develop a pre-authorised legal framework for infrastructure interdiction in response to verified hostile mining-pool conduct. This framework should specify triggering conditions, mandate independent review, impose time limits and proportionality requirements, and provide for congressional oversight. The current situation — in which infrastructure leverage exists but its legal accountability framework is underdeveloped — is worse than either clear authority or clear prohibition.
Second, multilateral processes should address mining-pool conduct explicitly. The Budapest Convention is the most advanced multilateral cybercrime instrument, but it does not cover protocol-layer mining manipulation as a distinct category. Nor does any existing UN norm. The gap should be addressed through either a supplementary protocol or through interpretive guidance by the Budapest Convention parties.
Third, the MLAT framework with China should be supplemented by a sector-specific protocol addressing cryptocurrency enforcement, analogous to the 2015 bilateral cyber agreement on commercial espionage. The current framework gives China too much discretion to deny cooperation in cases where the conduct is directed outward against foreign targets.
The bottom line
The BTC protocol was designed to be resistant to centralised control. In important respects, it succeeds: no government can unilaterally change the consensus rules. A state that controls zero hash power cannot rewrite the blockchain. That is a genuine achievement of protocol design, and this paper does not dispute it.
But the infrastructure on which mining pools coordinate — DNS, routing, relays, cloud services, exchange connectivity — was never decentralised in the same way. It runs on the ordinary internet, subject to ordinary legal process, ordinary sanctions compliance, and ordinary operator discretion. The protocol interior is permissionless. The infrastructure envelope is not. And the legal accountability of enforcement at that envelope — the question of when, how, and under what constraints governments may use infrastructure leverage against protocol participants — is the unfinished business of both cybercrime law and internet governance.
The near-parity between U.S. and Chinese hash power may be transient. Mining hardware economics, energy prices, and regulatory environments shift constantly. China’s 2021 mining ban produced massive hash-rate migration; a reversal of U.S. regulatory sentiment could do the same in the opposite direction. But right now, in March 2026, two geopolitical rivals each hold enough hash power to threaten the other’s economic interests through the protocol layer, and neither has a reliable legal mechanism to hold the other accountable. The formal law exists. The enforcement does not.
What fills the gap is infrastructure leverage — and the question of whether its use should be governed by law, or left to executive discretion exercised under pressure, is one that cannot wait for the crisis that will eventually force the answer.
This post summarises a full-length article currently under submission. The academic version contains 76 footnotes, detailed statutory analysis of both U.S. and Chinese law (including original Chinese-language legal texts), comparative enforcement analysis across the Budapest Convention parties, and a worked enforcement-sequence model. The complete analysis will be available when the paper is published.
Craig Wright is at the University of Exeter Business School.