July 2015 flood attack

The July 2015 flood attack was a large “stress test” of the Bitcoin network. The possibly distributed attack has provoked hundreds of thousands of transactions, leaving over 80,000 in the mempool at one time. The attack is subsequent to stress tests executed in June.

Some charities and organizations, including WikiLeaks and Voat, have received thousands of dust outputs. Additionally, some single-word brainwallets (“password”, “cat”, etc.) have been the recipients of thousands of transactions, leaving 0.00001 BTC outputs. F2Pool has been concatenating these outputs in huge 1MB transactions. These transactions fill up an entire block on their own, and are far too large to be relayed by nodes; they have only been confirmed because F2Pool dedicated blocks to them. Some nodes reported having spent over 20 seconds verifying one of these transactions, explaining momentary but extreme latency and downtime on block chain explorers.

later contacted F2Pool, advising them to use the same signature for each input in the large transactions. This made the transactions highly compressible and far easier to verify.

As a result of this attack, most mining pools updated their software to produce 1 MB blocks, as originally most capped their blocks at sizes such as 250 kB or 750 kB. The attack seems to have concluded by July 15.


The attackers may have had an agenda related to the blocksize debate, attempting to demonstrate the infeasibility of 1MB blocks including transactions of hundreds of thousands of users. The flood attack may have been attempting to discredit the pools, and subsequently force them off the network after the raised blocksize limit is in effect.

It is unlikely that the attack was used in an attempt to damage or shut down Bitcoin, as it appears to have been controlled and benevolent. It has also resulted in the donation of over 30 BTC to various sites.

Peter Todd had previously offered to execute a stress test for $7,000 but he denies involvement in this attack.

A redditor has published the private keys to hundreds of addresses which have been recipients of dust outputs in 2013, perhaps in an attempt to incite additional spam as redditors try to claim the funds.

Satoshi Nakamoto has been (perhaps jokingly) labeled a suspect, as he had mentioned that the block size should be increased when it is needed and may be campaigning for this change without revealing his involvement.



See Also on BitcoinWiki