The Qubic attack on Monero appears to be a costly advertising gimmick to remind us “non-repurposeability” is a requirement for PoW security. Most if not all ASIC-resistant PoWs are vulnerable. ASIC PoWs that are repurposeable (i.e. they can find significant profit elsewhere) aren’t secure. Only the biggest CAPEX “waste” has the most security. ¹ Optical-PoW and Chia’s proof of hard drive waste aren’t ASICs but could potentially be secure, but it’s not as clear as it is in Bitcoin. Merge-mined coins using Bitcoin’s PoW aren’t secure because Bitcoin miner’s could attack. X11 PoW that uses a mixture of PoWs (if it includes Bitcoin’s PoW) might be a unique case that has at least as much security. But all cases of sufficient security can be viewed as having sufficient non-repurposeability.

Sufficiently non-repurposeable can be defined as >50% of the hashrate (including equipment that has gone dark due to inefficiency) gaining more from long-term rewards + fees (from his remaining non-repurposeable CAPEX value) than from double-spending + short-term rewards + fees.

Non-repurposeability isn’t completely secure. The main threat to Bitcoin is from states gaining more than the chain can provide by attacking Bitcoin to protect their fiat’s relevance, their control of fiat transactions, and their knowledge of who’s transacting. To be secure against this, the current OPEX invested (~ the sum of future rewards + fees) must exceed the amount of tax revenue and fiat printing that colluding states can muster for an attack, and expect to win if they do attack. This latter condition is satisfied to the extent Bitcoin is a threat to their power. About 40 governments could spend less than 10% of their revenue to maintain an attack ($10 B annually). U.S. only needs to use 0.15% of its spending.

Selfish mining was part of the Monero attack, but it isn’t a threat to Bitcoin as soon as the majority of hashrate agrees to softly-enforce timestamp accuracy to less than say 20 seconds of error as I’ve described before.