pull down to refresh

@daily_btc_lore | Daily Bitcoin History Threads

July 7, 2015 | 11 years ago today

Bitcoin Network Flood AttackBitcoin Network Flood Attack


On July 7, 2015, an anonymous attacker began deliberately flooding Bitcoin with junk transactions. Over the following ten days they spent at least $49,000 to prove a political point: that 1MB blocks could not survive real demand. The congestion they caused was real and measurable. The argument lost anyway.

The war before the floodThe war before the flood

The summer of 2015 was the peak of the block size war. Bitcoin Core developers wanted to hold blocks at 1MB and pursue scaling by other means. The largest Chinese mining pools, AntPool, F2Pool, BTC China, Huobi, and BW, had answered with a joint proposal to raise the limit to 8MB. Neither side was moving, and the debate had consumed the mailing lists, the forums, and the conference circuit for months.

Then someone took the argument to the chain itself.

The mechanicsThe mechanics

The attacker ran at least 10 automated wallets that pumped out dust transactions, each one packing 102 outputs of 0.0001 BTC. Every transaction was perfectly valid, economically pointless, and built to devour block space. Researchers later classified 385,256 transactions from the attack window as spam, roughly 23% of everything Bitcoin processed in those days. The mempool swelled past 80,000 waiting transactions, average fees jumped 51%, and confirmation times stretched sevenfold.

F2Pool tried to clean up by sweeping thousands of dust outputs into one giant consolidation transaction. It weighed 999.657 KB and filled nearly an entire block on its own. Regular nodes refused to relay anything that size, so F2Pool mined it into its own blocks directly. Even the cleanup hurt: the sweep took over 20 seconds to verify and lagged block explorers across the network, until Greg Maxwell suggested reusing identical signatures across the inputs, which made the sweeps highly compressible and fast to check.

In #bitcoin-wizards on the first night of the attack, Maxwell was unimpressed. "AFAICT it's some promotion stunt to raise attention for some scammy website or something," he wrote. "Who knows, who cares."

WhodunitWhodunit

His guess aged well. Suspicion fell on Coinwallet.eu, a service that had advertised a paid "stress test" of the network weeks earlier, and a shared address tied the two campaigns together. Peter Todd had once publicly offered to run a stress test for $7,000 and just as publicly denied any involvement in this one. Nobody ever claimed the attack.

Economics instead of capacityEconomics instead of capacity

Bitcoin Core's response set the template for every spam wave since. Version 0.11.0 introduced a minimum relay fee of 1,000 satoshis, raised to 5,000 by October. The reasoning was simple: if every byte of spam costs real money, sustained spam becomes a losing trade. No emergency block size increase, no protocol panic, just a price on the resource being abused.

The attacker spent $49,000 proving Bitcoin could be congested, and changed nobody's mind. Two years later SegWit activated without a block size increase. The full post-mortem still lives on the Bitcoin wiki:

https://en.bitcoin.it/wiki/July_2015_flood_attack


Part of an ongoing series on Bitcoin history. This event falls on July 7, 2015.

Flood reminds me of Halo! But that spam attack backfired.

Wonder what you will write about this bip 110 drama in 15 years haha

reply