If a single entity controlled 51%, it could double-spend, though that would be obvious. There are more subtle attacks that are not so obvious and even require less than 51%. But I’m pretty sure that they haven’t happened because mining pools are not single entities.
These attacks require tight collusion. They require everyone in the pool to use the same software. The many people in the pool are many opportunities for the secret to leak. Moreover, I believe that most pools are open entry: people can join them and learn what software they are using.
If a single entity controlled 51%, it could double-spend, though that would be obvious. There are more subtle attacks that are not so obvious and even require less than 51%. But I’m pretty sure that they haven’t happened because mining pools are not single entities.
These attacks require tight collusion. They require everyone in the pool to use the same software. The many people in the pool are many opportunities for the secret to leak. Moreover, I believe that most pools are open entry: people can join them and learn what software they are using.