[patio11]

Massive attack requires massive resources.

Not, in general, true. You could rent thousands of botted-up consumer-grade PCs located in the United States to run your custom bitcoin client for hundreds of dollars. This particular attack doesn't require any detailed computation -- all you have to do is observe a transaction broadcast from Legitimate Node N1, perform nanoseconds of computation on it, and broadcast the resulting transaction from your Conspiring Nodes N2...N1000 faster than N1 does. Assuming you do, your altered transaction will be the one adopted by the consensus, not the original one.

The technical complexity of this attack is substantially below several levels of e.g. the Stripe CTF event, which were designed to be implemented by intermediate programmers in a few hours of play.