There is an almost trivial double-spending attack against Bitcoin if an attacker has a MITM (man-in-the-middle) attack against a victim: the attacker prevents all blocks from being seen, and replaces them with their own. The argument against this I’ve read online is that “it will take an extremely long time for the attacker to generate their own blocks, so the victim will notice there’s something wrong”.
But what about the following attack?
- Attacker “Mallory” has a MITM attack against victim “Alice”. Say it takes Mallory `T` minutes to generate a block, where `T >> 10`
- When the N-th block is generated on the network, Mallory waits `C*N` minutes before forwarding it to Alice. (here `C` is an arbitrary constant, and `N=1` is the first block generated on the network after the MITM attack begins)
- Let `M=6*T/C`. After `M` blocks, Alice’s blockchain will be `X*M = 6*T` minutes behind the real blockchain. This gives Mallory enough time to generate a block containing her fake transaction, plus an additional 5 confirmation blocks, before Alice catches up to the (current) head of the blockchain.
In other words, Mallory builds up time for herself to generate some blocks by adding `C` extra minutes between each block. Once she’s accumulated enough time, she then “spends” it to generate some fake blocks.
Alice still sees a block ~every `10+C` minutes, so as long as `C` is small she never notices anything is wrong. She also sees her own transactions eventually going through, just with an extra delay of `N*C` minutes.
Does Bitcoin somehow protect against this? Or is this a legitimate double-spending attack?
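
A monitoring check Alice could run against the progressive delay described above, as an added example that is not part of the original post: it compares each block header's timestamp with her local receive time and flags a lag that keeps growing or has grown large. The function names, thresholds and sample feeds are constructed for illustration; it works in seconds, assumes Alice's clock comes from a source Mallory does not control, and treats header timestamps as miner-set values that are only loosely accurate.

```python
from statistics import median

def receive_lags(blocks):
    """blocks: [(header_timestamp, local_receive_time)] in Unix seconds."""
    return [recv - hdr for hdr, recv in blocks]

def lag_slope(lags):
    """Least-squares slope: seconds of extra lag gained per block."""
    n = len(lags)
    mean_x, mean_y = (n - 1) / 2, sum(lags) / n
    num = sum((i - mean_x) * (y - mean_y) for i, y in enumerate(lags))
    den = sum((i - mean_x) ** 2 for i in range(n))
    return num / den

def check_feed(blocks, max_slope=30.0, max_lag=3600.0, window=6):
    """Flag a feed whose lag grows steadily or whose recent lag is large.

    Thresholds are illustrative assumptions, not Bitcoin consensus values.
    """
    lags = receive_lags(blocks)
    if len(lags) < window:
        return {"suspicious": False, "slope": 0.0, "recent_lag": 0.0}
    slope = lag_slope(lags)
    recent = median(lags[-window:])  # median damps single odd timestamps
    return {"suspicious": slope > max_slope or recent > max_lag,
            "slope": slope, "recent_lag": recent}

# Constructed timestamp jitter (seconds) standing in for miner clock error.
NOISE = [12, -40, 25, 5, -18, 33, -7, 20, -25, 10, 0, 15]

def make_feed(n_blocks, c_seconds, start=1_700_000_000):
    """Constructed feed: block n is mined at start+600n and reaches Alice
    8 s later plus c_seconds*n of added delay (the post's C*N)."""
    feed = []
    for n in range(1, n_blocks + 1):
        mined = start + 600 * n
        header = mined - NOISE[(n - 1) % len(NOISE)]
        feed.append((header, mined + 8 + c_seconds * n))
    return feed

if __name__ == "__main__":
    for label, feed in [("honest", make_feed(12, 0)),
                        ("C = 60 s", make_feed(12, 60)),
                        ("C = 5 s, 1000 blocks", make_feed(1000, 5))]:
        print(label, check_feed(feed))
```

A small `C` keeps the per-block slope under the threshold, but the accumulated lag the scheme depends on still shows up in `recent_lag`.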