Monero’s blockchain recently underwent an unusual 18-block reorganization, sparking significant concern among observers about the possibility of double-spending attacks. The rare event, which was confirmed by blockchain monitoring screenshots shared on X, has placed Monero users on heightened alert and raised questions about the network’s resilience.
A blockchain reorganization occurs when competing versions of a chain are produced simultaneously, with one version ultimately replacing the other. The losing chain, along with its transactions, is discarded. In Monero’s case, where blocks are generated approximately every two minutes, an 18-block reorganization rewrote more than thirty minutes of transaction history.
Concerns over transaction security
Blockchain experts noted that while minor reorganizations of one or two blocks can occur naturally in proof-of-work systems, a reorganization of this scale is highly irregular. Such an event suggests either deliberate interference or an abnormal concentration of mining power. This raised fears that attackers could potentially exploit the situation to replace past transactions, effectively enabling double-spend attempts.
Security specialists warned that if Monero’s community does not treat block reorganizations as a serious risk, the threat of double-spending will remain persistent. They stressed that the capability to exploit reorgs exists even without direct control of 51% of the network’s hashing power.
Traditionally, Monero transactions were considered final after 10 confirmations. However, following this reorganization, analysts suggested that this practice may no longer provide sufficient protection. The risk now exists that even transactions with 10 confirmations could later be invalidated by a deeper chain.
Previous concerns resurface
This incident has reignited long-standing debates about the concentration of mining power in the Monero ecosystem. In August 2025, the mining initiative Qubic had claimed majority control of the network’s hashing power, prompting exchanges such as Kraken to temporarily suspend deposits. At the time, concerns centered on the possibility of 51% attacks that could trigger reorganizations and enable double-spending.
The latest 18-block reorganization appears to reinforce those earlier warnings. Blockchain data indicated that competing chains were being produced by large pools such as monero.hashvault.pro and supportxmr.com, while blocks from smaller or unidentified pools were frequently discarded. This dynamic reflects a network environment where dominance by a few large pools increases vulnerability.
⚠️The attack against Monero is back. Hours ago XMR experienced a 18 block reorg
If you accept XMR make sure to wait for more than the usual 10 confs pic.twitter.com/793j5WWXgZ
— OrangeFren.com (@OrangeFren) September 14, 2025
How double-spending could occur
In practical terms, the environment created by such reorganizations makes it possible for malicious actors to alter past transactions. For instance, a customer could send XMR, receive the standard 10 confirmations, and assume the payment was finalized. However, if a deeper chain replaced the one containing that transaction, the payment could be invalidated. The sender could then redirect the same coins elsewhere, effectively executing a double-spend.
Ongoing uncertainty for Monero users
The incident highlights the precarious nature of trust in proof-of-work systems where mining concentration is a concern. For Monero, widely recognized as a leading privacy-focused cryptocurrency, the challenge of mitigating reorg risks could shape its future credibility among both users and exchanges.
As discussions intensify, the community now faces the pressing task of reassessing security practices and exploring ways to reduce reliance on traditional confirmation thresholds. Whether the event represents an isolated anomaly or a sign of deeper systemic risk remains an open question, but the implications for network trust and usability are significant.