Pools creates their own coinbase transaction to pay their selves, and they begin the PoW by hashing different Headers, what prevent a hacker from changing the createrawtransaction with different output (His bitcoin adress instaed of the pool bitcoin pool adress)?

How pools can know that the header they are providing for miners contains a merkle root which contains a coinbase transaction created with a valid ouput (Their bitcoin adress and not another adress)?


Asked question