This article gives an example of a 51% attack in theory as:
In a 51% attack the hacker will typically mine in private to attain a
longer chain than the publicly seen chain in hopes of double-spending
coins. Cryptocurrency exchanges are often the target of the hack due
to their deep pockets and acceptance of coin deposits and withdrawals.
By having control over more hashpower than anyone else the attacker
has the advantage to find winning blocks faster. If they can mine
selfishly, meaning they secretly mine successful blocks but don’t
broadcast them to the network, they can build up a number of blocks
and when ready broadcast a longer chain of blocks to the network. All
the miners would favor building on the longer chain.
Meanwhile, the attacker would have sent some of the coins they mined
previously to an exchange using the chain that is seen publicly. Once
their deposit is confirmed, the attackers are able to exchange their
mined coins for other coins that they’ll quickly withdraw from the
Then, the longer chain that was mined in secret is broadcast to the
network. The longer chain would contain a transaction using the same
coins that were deposited to the exchange.
Now that the miners see the longer chain they will build blocks at the
tip of the longer chain. This has two effects. One, the blocks in the
shorter chain are now orphaned and their transactions dumped back in
the mempool. That means the transaction to the exchange was reversed
like it never happened and the exchange was effectively robbed of the
withdrawn coins. Two, the attacker’s second transaction gets
completed, in effect spending the same coins twice.
When the attacker broadcasts the chain they had been working on in private, will they get mining rewards for all those new blocks after the reorg?