Post
Topic
Board Development & Technical Discussion
Re: Ultimate Solution to 51% Attacks: Amend the Nakamoto Consensus
by NotATether on 02/09/2020, 17:04:22 UTC
  • There is a malicious miner on the network. At block Y the malicious miner disconnects from the main network and starts mining his own branch of the chain. The miner does not broadcast his blocks to the network. Main network nodes know nothing about the existence of an alternative chain branch.

  • At some point in time the malicious miner performs a transfer of 10,000 tokens on the main network. Let's assume that the transaction is included in block (Y+100) in this example.

  • The malicious miner keeps mining his own chain privately. He is free to include or not to include any transactions in the blocks of his privately mined chain. The malicious miner does not include his transaction in any block of his chain (while the transaction happened on the main chain at block Y+100).

  • Once the transaction is confirmed the malicious miner cashes it out. For example, he can buy himself a pizza at a moment in time when the highest block of the main network is (Y+201).

It is impossible for a malicious miner node, or a group of miners, to forge a transaction to put in the block even if they control more than half of the global hashrate. Any attempt to spend a balance from an address they do not have the private keys for will invalidate the transaction. Verification of the tx signature against the spending amount and the rest of the transaction will fail. And who does the verification? All of the full nodes running on the network. So every single node running official Bitcoin Core software will reject the malicious transactions which attempt to spend bogus amounts that they don't have, because they can't forge a signature that matches the transaction without the private key.

It does not matter if the rest of the network does not know about the existence of a longer (malicious) chain; all of them will reject the bogus transactions coming from that chain (but it would also leave the network in a destroyed state since it can still silently discard transactions). The full nodes that send wrong transactions, particularly the full nodes that are operated alongside the miners and controlled by the same entity, could even get IP banned by their peers.

There's an excellent thread a few dozen pages back from this board, about a similar scenario with miners spending exorbitantly large and fake transactions: "How would it be know if a segwit thieft actually happened?", and this quote explains why miners don't have the choice to alter transactions a few blocks back:

~
Miners have one, only one, and exactly one job:  To provide the ordering of transactions in a Byzantine fault-tolerant manner (which in turn prevents double-spends).  That’s what miners do.  That is all miners do.  Granted, it is an important and resource-intensive job; that’s why miners get paid for it.  But that is the one and only security function of miners.

Of course, miners must validate each block they produce; if they didn’t, they would be unable to reliably produce valid blocks.  But miners are not the parties responsible for enforcing validation on the network.  Full nodes do that.  Each individual full node does that, so as to provide better security for its owner; and all full nodes collectively do that, thus providing validation security for the whole network.  Observe how here as everywhere, Bitcoin precisely aligns the individual’s selfish interest with the common good.

Full nodes do not blindly “follow the longest chain”.  They follow the chain independently validated by them which has the highest total POW.  A miner (or 51+% of miners) who produced invalid blocks would only be wasting hashrate, and likely risking widespread blacklisting of IP addresses.  It doesn’t matter if the invalid blocks steal money from Segwit transactions, steal money from old-style transactions, create 21 billion new coins, or are filled with gibberish from /dev/random.  An invalid block is an invalid block, and shall be promptly discarded by all full nodes—period.

Basically, the more transactions they change, the more time they must spend doing validation for their current block and they risk some other miner validating faster than them and getting their block included on the real chain. So they even lose the chance to capitalize off of their legitimate coinbase transaction.
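The rule discussed in the post and its quote (validate every chain independently, then follow the valid one with the most total work) can be sketched as follows. This is an added example, not part of the original post and not Bitcoin Core code: the names are hypothetical, block work is a plain integer, and a SHA-256 preimage lock stands in for the ECDSA signature check.

```python
import hashlib
from dataclasses import dataclass, field

def lock_for(secret: bytes) -> str:
    # Stand-in for a public key: anyone can verify, only the owner can satisfy it.
    return hashlib.sha256(secret).hexdigest()

@dataclass
class Tx:
    spends: str     # id of the output being spent
    witness: bytes  # stand-in for a signature over the spend
    new_id: str     # id of the output created
    new_lock: str   # lock placed on the created output

@dataclass
class Block:
    work: int                       # toy proof-of-work weight (assumption)
    txs: list = field(default_factory=list)

def chain_is_valid(genesis_utxos: dict, chain: list) -> bool:
    """Replay every block from genesis, as a full node does."""
    utxos = dict(genesis_utxos)
    for block in chain:
        for tx in block.txs:
            lock = utxos.pop(tx.spends, None)  # None: unknown or already spent
            if lock is None or lock_for(tx.witness) != lock:
                return False                   # one bad tx invalidates the chain
            utxos[tx.new_id] = tx.new_lock
    return True

def best_chain(genesis_utxos: dict, candidates: list):
    """Highest total work among chains that pass validation; work alone never wins."""
    valid = [c for c in candidates if chain_is_valid(genesis_utxos, c)]
    return max(valid, key=lambda c: sum(b.work for b in c), default=None)

# Constructed sample data.
GENESIS = {"out:alice": lock_for(b"alice-secret"),
           "out:miner": lock_for(b"miner-secret")}
pay = Tx("out:miner", b"miner-secret", "out:merchant", lock_for(b"merchant-secret"))
theft = Tx("out:alice", b"guess", "out:stolen", lock_for(b"miner-secret"))

HONEST = [Block(1), Block(1, [pay]), Block(1)]  # total work 3
FORGED = [Block(5), Block(5, [theft])]          # total work 10, spends without the key
WITHHELD = [Block(2), Block(2), Block(2)]       # total work 6, valid, omits `pay`
```

With these inputs `FORGED` is discarded despite having the most work, while `WITHHELD` replaces `HONEST` because it is valid and heavier. Validation stops forged spends; it does not stop a heavier valid chain from leaving a transaction out.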