On Tuesday, the biggest Bitcoin transaction ever made was loaded on to the blockchain, the publicly viewable ledger that records every instance of the cryptocurrency changing hands. It was 999 kilobytes in size, taking up an entire packet of transaction data, or "block," and when it went out, a user in the Bitcoin developer chatroom remarked, "RIP Bitcoin."
We know who did it: a major Chinese mining pool—a group of Bitcoin miners who have pooled their resources in order to confirm blocks faster for a reward—known as F2Pool. We also know why. Somebody, perhaps numerous people, sent thousands upon thousands of tiny Bitcoin transactions across the network, referred to as "dust," in an attack likely meant to clog up the pipes and potentially even break the Bitcoin system. At least, for a while.
Although F2Pool was initially suspected of launching the attack, it later became clear that the pool's members had taken it upon themselves to mine a massive block as a way to gather up all the dust and clear the spam.
"This could be discrediting the Chinese miners' opinions"
What we don't know is who initiated the spam, or why. The attack is still ongoing, and currently tens of thousands of Bitcoin transactions are languishing, waiting to be loaded on to the blockchain, as miners struggle to keep up with the onslaught of junk transactions.
Could it have been someone trying to discredit or damage powerful Chinese mining pools? Bitcoin vigilantes simply trying to test the system's limits? A rogue Bitcoin developer trying to prove a point? Here are some of the best conspiracy theories about who's behind it all.
Watch more from Motherboard: Life Inside a Secret Chinese Bitcoin Mine
THE ROGUE DEVELOPER
Over the past several months, the Bitcoin community has been roiling with a debate about whether or not to implement a code change that would enable Bitcoin to handle worldwide adoption by increasing the size of the blocks on the chain. The catch is that it would split the blockchain in the process, requiring everyone to move over to a new version of the ledger.
The argument for the pro side of the debate—led by head Bitcoin developer Gavin Andresen—is that the current system simply can't handle a large influx of transactions like the wave of dust hitting Bitcoin right now.
Not everyone agrees with this. Developers and powerful Chinese mining pools, which altogether account for more than half of the entire network's processing power, have all expressed their distaste for the plan because it would throw the Bitcoin system as it stands into irreparable disarray.
To test Andresen's argument, two separate "stress tests" have been conducted by Bitcoin company Coinwallet.eu—essentially what's going on right now, but at a smaller scale—in order to see if the network can handle the activity. Each time, Bitcoin has continued to chug along despite some hiccups.
In the wake of this more serious spam attack, some Reddit users have suggested that the culprit could actually be a Bitcoin developer on the pro side trying to prove their point about the system needing bigger block sizes.
Many of the dust transactions were sent to wallets with known addresses and easily crackable pass phrases, making cleanup a cinch. This could indicate that the person behind the spam didn't want to cripple Bitcoin, only ding it. In this case, whoever launched the attack didn't want to see Bitcoin burn, just demonstrate the system's current weaknesses.
SOMEONE TRYING TO TAKE DOWN CHINESE MINING POOLS
Powerful Chinese mining pools have been at the forefront of the push against the proposed change to Bitcoin. Their chief argument is that their bandwidth is severely limited compared to their counterparts in the US, and if larger block sizes are implemented, they won't be able to keep up.
"There are a lot of people who are very angry at Chinese mining pools, and F2Pool in particular," said Peter Todd, a Bitcoin core developer. "There's multiple reasons for it, like the Chinese miners have come out against Gavin Andresen's proposed block size increase. This could be discrediting the Chinese miners' opinions so that they don't matter as much."
Mike Hearn, another prominent Bitcoin developer, has stated that if Chinese miners revolt against the change and continue to build the old blockchain, a code update could be implemented that would essentially force them off the network. According to Todd, the spam attack could be used a way to discredit F2Pool in the public's eyes, making such a measure easier for users to swallow.
"In the case of F2Pool, if the attacker knew they would go and clean up a dust transaction like that, they might have said, hey, why don't I just go and make them do this?" Todd said. "So that when they clean it up with a really enormous dust transaction, people will complain about it because it's unusual and thus newsworthy."
This possibility is somewhat unlikely, since it would require foreknowledge on the part of the attacker that F2Pool, as opposed to any of the other large Chinese mining pools—or even a miner in North America or Europe—would be the one to clean up the mess. If discrediting F2Pool was the intention, it evidently didn't work very well, as people quickly figured out that the miners were merely cleaning up, not launching the attack.
This explanation seems to be the most likely at this point. Since the attack appears to have been designed as easily fixable, and since it wasn't directed at a Chinese mining pool directly, this spam attack could just be another "stress test."
"Recently there has been a 'Bitcoin stress test' movement to reinforce the need [for a block size increase] by deliberately clogging the network with garbage in an attempt to persuade people that Bitcoin should simply increase its block size to handle more transactions per second," UC Berkeley computer security researcher Nicholas Weaver wrote me in an email.
According to Weaver, a Bitcoin address used in this stress test was used in a previous test orchestrated by Coinwallet.eu. This is particularly damning evidence, although it's worth noting that Coinwallet.eu publicly announced its previous stress tests, but this one came without warning.
For its first test, Coinwallet.eu earmarked 20 Bitcoin, roughly $5,000, to spend on junk transactions in the attack. Weaver, however, said that this attack was much cheaper.
"The attacker processed three Bitcoin for this attack," Weaver said, which is about $800. "But the attack may have cost him a lot less as anything but the transaction fees could have been routed back into the attacker's wallet when done."
If Coinwallet.eu is indeed behind this attack, either it got smart and realized it doesn't need to spend $5,000 to cripple Bitcoin, or the attack was actually launched by someone on a more shoestring budget.
WE REALLY DON'T KNOW, BUT IT COULD BE WORSE
As with most online activity involving hidden identities and cryptography, attribution is difficult, if not impossible, in the case of the massive spam attack hitting Bitcoin right now.
Although Weaver and Todd offered their own theories as to who is behind the attack—Hearn, whom I also contacted, left it at "not really" when I asked if there is any way to tell who is orchestrating it—the truth is that there is almost no way to know for sure.
Even F2Pool is not completely clear of suspicion, although its involvement is highly doubtful, both Weaver and Todd said.
The most important thing to note, however, is that it really could be worse. According to Weaver, the attackers could very easily and cheaply add a little reward to their junk transactions, so that they take further priority over other transactions waiting to be confirmed by miners. With an added reward for processing the junk blocks first, real transactions would be stuck waiting in line, effectively slowing everything down.
In the end, it seems like Bitcoin will just have to ride this one out and hope for the best. Maybe, when it's all done, the culprit will reveal themselves and everything will be made clear. Who knows? Maybe it's even Satoshi Nakamoto herself.