🥷 $24M DoS attack

If you won the lottery, how would you spend it?

A new house, maybe, or a car. A warm summer holiday to a sunny beach, at least.

I’d bet good money, however, that using it to attack Bitcoin would be low on the list.

You would already know that the debate over transaction filtering has been going on for years. More than a decade, even.

It was around this time in 2015 that a mysterious user, or group of users, decided to take matters into their own hands.

An entity going by CoinWallet.eu had begun executing what it described as the “Ultimate Bitcoin Stress Test.” They were going to systematically spam the chain with dust transactions and fill each block to the brim, driving fees sky high in the process while drastically increasing wait times for legitimate users.

CoinWallet.eu hoped to demonstrate that Bitcoin’s 1MB block size limit was too small, and ultimately convince the community to raise it. After all, if spammers could cheaply overload Bitcoin’s blocks as they were, then so could anyone else at any time.

In a recent blog post, BitMEX Research wrote:

“The logic was, that at a fixed fee rate, filling up an 8MB block with spam would cost a lot more than filling up a 1MB block. The small blocker retort to this argument was that the larger blockers had it backwards, if there is spam, letting it all go onchain quickly and cheaply wasn’t stopping the spammer, but letting the spammer win.”

“Besides, if the blocksize limit was increased, fees would decline, making the spam cheaper. However, a key metric to the large blockers was how much money it would cost in fees to fill a block. This number was considered far too low for Bitcoin to be secure and raising the blocksize limit would help increase this value, making Bitcoin more resilient, in their view.”

CoinWallet.eu waged its campaign across four attacks between June and September 2015.

The first actually failed. It was supposed to generate 1MB worth of transaction data every five minutes, causing a backlog of transactions 241 blocks long (1.67 days). The mempool would contain 241MB unconfirmed transactions by that point. 

But after spending 2 BTC ($500 then, $235,800 now), their servers began to crash under the weight of a mempool that was just 12MB.

The second came five days later and was more effective, and even managed to seemingly convince one user that the big blockers could have a point.

CoinWallet.eu never explicitly took responsibility for the third wave but it’s assumed the group was responsible. 

The attack, between July 7 and 11, resulted in a backlog of between 27,000 and 80,000 transactions, with many of the dust transactions (0.00001 BTC) sent to well-known wallets like WikiLeaks and Voat, as well as generic public key addresses generated from simple key phrases, like “cat” or “dog.”

Motherboard calculated that the attackers in total spent 30 BTC to flood the network for that third wave, worth $8,000 then but more than $3.5 million right now. Undoing the backlog meant F2Pool would need to consolidate the bulk of the spam outputs with a number of 1MB transactions.

CoinWallet.eu’s fourth attack arrived months later, in September, when it posted thousands of private keys to Bitcointalk, each one lining up with an address containing a slice of 200 BTC. 

Users rushed to collect the free coins, submitting 90,000 transactions. Many of them related to the same bitcoin, so they could easily be discarded by miners, reducing the attack’s effectiveness. 

CoinWallet.eu gave up after that, with the actions of miners, pools and key players, including Gregory Maxwell, largely mitigating any adverse effects over a short enough time. 

As BitMEX pointed out, the situation closely rhymes with the modern-day discussion over the role of node runners in filtering out certain types of transactions, with Luke Dashjr at the time pushing for widespread usage of filters to suppress CoinWallet.eu’s spam. 

It’s still unknown who was behind CoinWallet.eu, with theories including Gerald Cotten and big blocker Craig Wright. In any case, an academic study concluded that a little less than a quarter of transactions across a 10-day period at the peak of the campaign were spam (385,256 out of 1.65 million). It increased fees by 51% (45 to 68 sats/byte) and processing delay by 7x(about 20 minutes to 2 hours and 45 minutes).

“This shows that an adversary who is willing to expand modest amounts of bitcoin (at least $49,000 USD), to pay higher fees, can DoS Bitcoin,” the authors found.

And there’s the kicker. The four attacks indeed cost only about $49,000 worth of bitcoin to execute — in 2015. 

Today, with bitcoin at all-time highs, those 201 BTC would fetch almost $24 million, equivalent to a jackpot lottery prize and enough to buy a house, a car and multiple vacations to far-off exotic beaches. Oops.

— David

Give us the one thing more valuable than BTC: your opinion.

We’ve put together a quick form to help us get to know you and understand what matters most — what you want more of, less of, and whether our content is hitting or missing the mark.

And, if you complete the survey, you'll get entered for a chance to win some bitcoin merch to show off your love of BTC this summer.

• BTC/USD set a new all-time high this morning, topping out at $118,910 on Coinbase. Current price: $117,800.

• Bank of America listed bitcoin as the best performing currency of the year against the US dollar, beating the Swedish krona 18.2% to 16.4% as of July 9.

• Roya Mahboob, founder of Digital Citizen Fund, recounts the ways Bitcoin has helped women in Afghanistan gain financial freedom under oppressive regimes.