Bitcoin transaction "DDOS"

[Ssatooshi]

Hello,

What would happen if some bad people launch 1 million transactions in 1 click? Would the cost be only ~2-5 millions usd ?
Second question in case question 1 does hurts why bad people don't do it right now?

Thank you.

Ssatooshi

PS: I'm talking about really nicely made transactions that look like normal transactions and couldn't really be distinguishable from the rest of the transactions appart from the fact they would have the same ~timestamp.
And we could also think about a slow attack spread over time.

[Upgrade00]

What would happen if some bad people launch 1 million transactions in 1 click? Would the cost be only ~2-5 millions usd ?

I'm trying to understand your question, are you asking if a rush of transactions would slow down the network and lead to higher fees?
What's the $2.5 million in this scenario?

Second question in case question 1 does hurts why bad people don't do it right now?

What would be the purpose of this? To slow down the network and expose shortcomings in bitcoin?
Lagging is a normal effect of a sharp increase in number of data processed over a period of time.

PS: I'm talking about really nicely made transactions that look like normal transactions and couldn't really be distinguishable from the rest of the transactions appart from the fact they would have the same ~timestamp.
And we could also think about a slow attack spread over time.

AFAIK, Timestamp are attached to blocks and not individual transactions, so the time you broadcasted the transaction does not really matter.

[Ssatooshi]

In short i just wanted to know if it was possible to break Bitcoin with a transaction flood attack ? (Break bitcoin would mean paralyze any normal activity, prevent people from doing transactions)
I guess not otherwise it would have happened and i guess there are protocols to avoid that.
I found this link while i was waiting for an answer: https://www.intechopen.com/chapters/75945

[hatshepsut93]

Bitcoin has a fee market, so you can't pay a fixed price to effectively stop legitimate transactions from being confirmed. You can make a million transactions with $1 fee and it won't mean you have bought all transaction space for a day - it would mean that the users who have paid $1 or less will have lower chance of getting their tx confirmed and will suffer some delays, but those who paid higher fees won't be affected. Essentially, trying to DDOS Bitcoin can only increase the transaction costs, not actually deny service, though for some cases, like micropayments that would become uneconomical, that would be a denial of service.

[Ssatooshi]

Bitcoin has a fee market, so you can't pay a fixed price to effectively stop legitimate transactions from being confirmed. You can make a million transactions with $1 fee and it won't mean you have bought all transaction space for a day - it would mean that the users who have paid $1 or less will have lower chance of getting their tx confirmed and will suffer some delays, but those who paid higher fees won't be affected. Essentially, trying to DDOS Bitcoin can only increase the transaction costs, not actually deny service, though for some cases, like micropayments that would become uneconomical, that would be a denial of service.

So now my question is, what would be the impact of a group of people sending 1,000,000 transactions at $10 ? It will just piss some people off because fees would jump from $1.5 to $10 ? and it would be absorbed in only a few hours?

[tadamichi]

Hello,

What would happen if some bad people launch 1 million transactions in 1 click? Would the cost be only ~2-5 millions usd ?
Second question in case question 1 does hurts why bad people don't do it right now?

Thank you.

Ssatooshi

PS: I'm talking about really nicely made transactions that look like normal transactions and couldn't really be distinguishable from the rest of the transactions appart from the fact they would have the same ~timestamp.
And we could also think about a slow attack spread over time.

They would go into the nodes mempool waiting to get confirmed, since 1 block only takes in a limited amount of transactions. So then people would have the option to pick a higher transaction fee than the attacker did and his transactions would be stuck for some time.  Or other nodes could up their minimum mempool fee rate to be higher than the transactions and they wouldn’t be taken in anymore. So in the end he wasted money on nothing and the network would work just fine.

[hatshepsut93]

So now my question is, what would be the impact of a group of people sending 1,000,000 transactions at $10 ? It will just piss some people off because fees would jump from $1.5 to $10 ? and it would be absorbed in only a few hours?

It's hard to say for how long would the fees be high. If users will wait with their transactions and attacker's transactions have the highest fee in mempool, then the attack will be effectively for as long as Bitcoin transaction processing capacity allows it. For one million transactions, that's about one day. But if other users will bump their fees to get their transactions confirmed in the next few blocks, then the high fee levels would last for longer.

The bottom line is, such attack costs a lot of money and it can't stop Bitcoin transactions from being confirmed, and its effects don't last for long.

[tadamichi]

Bitcoin has a fee market, so you can't pay a fixed price to effectively stop legitimate transactions from being confirmed. You can make a million transactions with $1 fee and it won't mean you have bought all transaction space for a day - it would mean that the users who have paid $1 or less will have lower chance of getting their tx confirmed and will suffer some delays, but those who paid higher fees won't be affected. Essentially, trying to DDOS Bitcoin can only increase the transaction costs, not actually deny service, though for some cases, like micropayments that would become uneconomical, that would be a denial of service.

So now my question is, what would be the impact of a group of people sending 1,000,000 transactions at $10 ? It will just piss some people off because fees would jump from $1.5 to $10 ? and it would be absorbed in only a few hours?

It can take a few hundred blocks to process this many transactions and only if they set the transaction fee to be ridiculously high then maybe most would wait till they’re processed until they do transactions again. But it would make the attack way more expensive and wouldn’t really stop the service.

[LoyceMobile]

You should read how transactions work. Short version: it's not measured in dollars, and it's not measured per transaction.
Priority is decided based on the highest fee rate in satoshi per vbyte (transaction size).

[Ssatooshi]

Thank you all !

[OgNasty]

I'm glad to see a couple of people mention the mempool, as you not understanding how the mempool works is likely the motivation behind your questions.  There is a website I use to determine how much of a fee to provide with my transactions and I think having a look at it might help you understand a little better how it works.  Miners are always going to select the most profitable transactions for their blocks, so flooding the network with transactions would be a costly way to make others pay more for the transactions or wait longer if they can't...  That's about it.

https://jochen-hoenicke.de/queue/#BTC%20(default%20mempool),24h,weight

[tranthidung]

With Bitcoin, if you use a non custodial wallet and know when transaction fee rate is cheap and what is fee rate you should use for your transaction, you can move million or billion of dollar with just $1 or lower in transaction fee.

DDOS with Bitcoin transaction, it's a weird term, I have never heard about it. Do you imply about dust attacks?

• Dust Attack, what it is, why it is dangerous and how to prevent falling to it

Example

Now, an unknown person has sent 547 Satoshis to our escrow address: https://blockchair.com/bitcoin/transaction/d3239fcd4ed507b1943ea4fe3cec19fff380d9cfb96d5a3b27bfba549be74a18

It's one of more than 500 addresses where 547 Satoshis each were also sent by that unknown address:

In order to confirm receiving address, you should make a minor transaction as a test one.

• How to lose your Bitcoins with CTRL-C CTRL-V
• If anything goes wrong, you won't lose too big money

[decodx]

DDOS with Bitcoin transaction, it's a weird term, I have never heard about it. Do you imply about dust attacks?
<...>

I think he's referring to the Flood attack.

A flood attack is the process of sending thousands of transactions to "flood" the mempool, filling new blocks to the maximum size of 1MB, and subsequently delaying other transactions.

However, as already explained above, this would not stop the network, but would only delay some transactions and increase transaction fees. Eventually, the attacker would run out of money and everything would return to normal, so all the effort would be for nothing.

[pooya87]

They already did that in 2017. There were many large scale spam attacks against bitcoin sponsored by different malicious groups such as some of the shitcoiners like DASH. There is a protection against such attacks with a cap on block size and certain restrictions on each node's mempool size.
First thing that happened was that the fee went up so the cost of the attack went up and any of the spam transactions with low fee was simply forgotten as the nodes dropped them from their mempool.

[Lucius]

They already did that in 2017.

Those who were there 5 years ago remember that at that time the fee for the priority transaction reached as much as $50, but also that it was a time when there was a very coordinated campaign against Bitcoin. At a time when 1 BTC was worth about $5000, the competition was approaching over $3000 for what they called real bitcoin, and as far as I can remember many began to doubt whether they will succeed in their plan.

I think such attacks are a thing of the past because they have been shown to cost too much and ultimately have no results.

[Welsh]

I think such attacks are a thing of the past because they have been shown to cost too much and ultimately have no results.

As with most attacks. The cost is too high to realistically keep it up for a long enough period for it to have a meaningful effect. We'll likely see it attempted in the future again, even if it's on a smaller scale, but ultimately it'll have the same effect. Short term fee increase, but no real effect in the long term.

I guess, it could be problematic if a lot of people are relying on it for income/expenses, but ultimately all it would do is reduce consumer confidence for the short term. You could potentially achieve the same in the fiat run world too, although a little differently. Again, it isn't documented much since it hasn't really been done to any sort of meaningful effect.

[ranochigo]

It is a legitimate concern. You have the fee market, which functions on simple economics and that spam attack gets more expensive as time goes by. It doesn't mean that is hasn't happened before: https://bitcointalk.org/index.php?topic=1098263.0. It was at the peak of the block war where fees were consistently high and it basically rendered Bitcoin unusable without paying high fees. It would depend a lot on the attacker's funds and what they're trying to achieve. Practically, it does quite a bit of inconvenience but the costs is fairly high. Mining pools also have the option of selective censorship but it would be quite counterintuitive.

There is actually a cheaper way to do DDOS, not by the transaction size alone. You can also create transactions with high SIGOPs to get miners to mine them and leave the rest of the transactions with lesser SIGOPs. This isn't very effective IIRC, since they changed the SIGOPs limits and those higher than the limits would be non-standard.

All in all, it is very possible to have a DDOS on Bitcoin, simply because there is a limit to how many transactions can be in a block. It just gets expensive and pointless.