🤖 AI Summary
This work investigates a novel profitable mining attack in Proof-of-Work (PoW) blockchains, identifying and formalizing BM-PAW—a bribery-driven, two-pool collusive attack that strictly dominates the classical PAW attack in profitability. Departing from conventional zero-sum assumptions, we propose the first non-zero-sum game-theoretic model jointly optimizing incentives for both attackers and bribed pools, and rigorously derive the attack success conditions under Nash equilibrium. Methodologically, we integrate game-theoretic modeling, PoW protocol reverse engineering, and pool-level incentive mechanism design. We further introduce a deployable defense framework combining on-chain protocol hardening with off-chain reputation systems. Our core contributions are threefold: (i) uncovering the intrinsic equilibrium structure of collusive bribery attacks; (ii) overcoming theoretical limitations of prior attack models by relaxing zero-sum constraints; and (iii) establishing a new paradigm for systemic security assurance in decentralized mining ecosystems.
📝 Abstract
Mining attacks enable an adversary to procure a disproportionately large portion of mining rewards by deviating from honest mining practices within a PoW-based blockchain system. In this paper, we demonstrate that the security vulnerabilities of PoW-based blockchains extend beyond what these mining attacks initially reveal. We introduce a novel mining strategy, named BM-PAW, which yields superior rewards for both the attacker and the targeted pool compared to the state-of-the-art mining attack, PAW. BM-PAW attackers are incentivized to offer appropriate bribe money to other targets, because those targets comply with the attacker's directives upon receiving payment. Through equilibrium analysis of a two-pool BM-PAW game scenario, we further find that the BM-PAW attacker can circumvent the miner's dilemma, with the outcome determined by the attacker's mining power. Finally, we propose practical countermeasures to mitigate these novel pool attacks.