“You’re terminated, fucker.” — Sarah “JW” Connor, The Terminator
In the first part of this series, we’ve observed the existence of an 8th wave of spam during S2 2016. In this second part, we’ll try to find the reasons explaining this occurrence.
Back to the basics
Two theories may explain the late occurrence of the 8th wave:
- its fan-in transactions were created by the attacker during S2 2016 and immediately included in blocks,
- its fan-in transactions were created before S2 2016 and first rejected by the miners before these ones change their mind during S2 2016 (for whatever reason).
A quick search in the archives (a.k.a. google search & statoshi.info) suggests that the second theory might be the right one.
A first hint supporting this hypothesis is a comment made on r/bitcoin by the operator of a mining pool
“Someone has been doing that since October 2015. They rebroadcast the October spam attack transactions usually 2x per day. If you examine those transactions, you’ll find that they’re all 14,780 ± 50 bytes and pay a 15,000 satoshi fee. Don’t pay attention to those spam broadcasts, as all miners have been ignoring them since October by using the minrelaytxfee command line/bitcoin.conf option.” — jtoomim, May 2016
The description given in this comment seems to match the structure of the transactions observed during the 7th & 8th waves (transaction size around 14kB, fee rate around 1 sat/byte).
Moreover, it also seems to match the data provided by statoshi.info and by the reddit post about the mempool backlog observed during 2016.
All good ! Seems like we have easily solved this mystery. Well, except that it leaves us with two new questions:
- did all the mining pools include these transactions in their blocks or is this behavior limited to a subset of them ?
- why did the pools decide to include low fees transactions that they were previously ignoring ?
Miners gonna mine
Since we’ve identified the fan-in transactions composing the second phase and since we know in which blocks they were included, we can compute a few statistics about the role played by each mining pool. Let’s see if we can use these statistics to answer our new questions.
First, we can compute how much space was consumed by fan-in transactions in the blocks mined by each pool during the period June 2015 — December 2016
No big surprise here. It seems that major pools have played a predominant role in these operations (with a special mention to DiscusFish/F2Pool and its memorable “monster” transaction ;)
As I guess that you all want to know which pools have made “big bucks” with these fan-in transactions, here is the chart
It seems that some pools like HaoBTC or Kano CKPool have “poorly” performed if we compare the fees received and the space consumed with the values of some others pools. More on this later...
Ok. This is all good and well but that doesn’t help us to answer our questions. Let’s try to plot the same charts but this time, we’ll limit the scope of our statistics to fan-in transactions included in blocks during 2016.
We can observe that the amount of fees received during 2016 represents 1/10 of the fees received during the complete phase 2. It obviously suggests that fan-in transactions with the highest fees were mined earlier, on 2015. So far, so good.
We can also observe that the “cleaning” activity of some mining pools (like Bitfury, BTCC or F2Pool) has greatly decreased during 2016. That seems consistent with the reddit comment quoted above.
Let’s continue with the same statistics but limited to S2 2016 (the 8th wave).
Now this is interesting. These charts confirm that only 7 mining pools have played an active role during the 8th wave: 1Hash, Antpool, BitClub Network, BTC.com, HaoBTC, Kano CKPool and ViaBTC.
Great ! It seems that we have the answer to our first question.
For comparison purposes, here’s a chart displaying for S2 2016 the percentages per pool for the number of blocks created and the space consumed by fan-in transactions.
Note: Impact of the 8th wave during S2 2016
Fan-in transactions mined during the 8th wave have consumed around 726MB in the blockchain for a (low) total cost of 10.59BTC paid in fees to the miners. It’s roughly equivalent to 5 days of full 1MB blocks or to 3.2% of the size of all the transactions processed during the same period (spam included).
A good story needs a good timeline (bis)
Now, let’s try to get a better understanding of the individual role of these 7 mining pools by computing the cumulated size of the fan-in transactions included in their blocks during the year 2016.
There are many observations to be made here:
- 4 pools have been active since the beginning of 2016 but the 7th wave (March 2016) was most entirely mined by 3 pools: 1Hash, BitClub Network and Kano CKPool,
- some pools like BTC.com, HaoBTC, ViaBTC have started to include fan-in transactions lately but it worths noting that some of these pools were launched during the year 2016,
- we can observe several plateaux corresponding to periods with very few fan-in transactions included in blocks. These plateaux can be linked to periods of mempool backlogs. That suggests that the mining pools have prioritized transactions with higher fees during these periods (which is somewhat logic and reassuring),
- we can also observe, for many of these pools, a sharp increase in the rate of inclusion of fan-in transactions on late June 2016 (around block 418,000). This change corresponds to the beginning of the 8th wave.
The temporal coincidence in this last observation is rather surprising. One may be tempted to interpret it as a collective answer to a sudden attack but we know that fan-in transactions processed during the 8th wave were flowing on the bitcoin network since late 2015 (see reddit comment quoted below). So, that leaves us with the hypothesis of a coordinated operation decided by a group of mining pools. Remains the question: why did these pools suddenly decide to mine transactions which they were previously ignoring ?
I’m a friend of Sarah Connor. I was told she was here
As this point, it became pretty clear to us that we wouldn’t find the answer to this question in the blockchain. Thus, we’ve decided to get back to the archives, looking for any public statement related to a “mempool cleaning” operation.
I must confess that this search was a failure but by extending its scope, we finally found some interesting (and somewhat weird) elements related to this period:
- on June 27th 2016, one of these pools (HaoBTC) published an open letter to the developers of Bitcoin Core, asking for clarifications about their stance on a 2MB hard fork. This post was quickly deleted but you can find an archived version here,
- 3 days later, a strange rumor appeared on the web about a mysterious “Terminator Plan” supposedly supported by a majority of chinese mining pools.
All these elements put together lead us to think that the 8th wave was the result of a collective decision made by a group of mining pools in the context of the “blocksize debate”. And now, we have a new question…
For what purpose ?
It’s doubtful that the goal of this operation was to seriously hurt the functioning of the network.
It’s also doubtful that the intent was to mechanically increase the average fee rate paid by the users. These fan-in transactions, with their very low fee rate (1sat/byte), aren’t enough to achieve that goal. It would also require that the miners temporarily sacrifice some revenues (by prioritizing the fan-in transactions over high-fees transactions) in order to create an artificial scarcity leading to higher fee rates. For the record, we didn’t check this hypothesis during the analysis.
In my humble opinion, a more likely hypothesis is that the goal of this operation was first and foremost social and psychological. Fact is that the perception of 5 full blocks in a row is very different from 2 full blocks separated by an empty block and 2 half-full blocks. By consistently stuffing blocks with “junk” transactions for months, one can subtly reinforce the belief that Bitcoin requires an urgent upgrade increasing its capacity.
Conclusion
With this second part, we’ve showed that unlike the previous waves, the timing and tempo of the 7th and 8th waves weren’t decided by the initial creators of “Moby Dick” but by a group of mining pools. We let the readers make up their minds about the intents which have motivated this operation…
