[XMR] Monero - A secure, private, untraceable cryptocurrency

[fluffypony]

2014/08/24 Monero Blockchain Spam Attack - Post Mortem

Part I

A slightly deeper analysis around the transactions and the timeline will come out in part 2 tomorrow, along with the Monero Missive (delayed to give us time to focus on this priority;)

On 2014/08/24 a spam attack was launched against the Monero blockchain. Up to that point, Monero had a relatively low fixed fee per transaction of 0.005 XMR (under 1 US cent per transaction). This allowed the attacker to broadcast extremely large transactions every 5 seconds.

For the most part, the network worked as expected. The dynamic block size limit allowed the max block size to grow, and transactions were broadcast without incident. However, the (relatively) slow expansion in the median block size, among other things, lead to some transactions taking some time to confirm. This is not the usual turn of events - normally an increase in usage occurs over a couple of days in a best case scenario (Monero is featured on Dr Phil and Oprah, and every Monero user gets a whale once they check under their seat). At its worst, there were ~400 transactions in the memory pool that were waiting to be confirmed. The sudden, sharp, drastic increase means that the network needed to adjust, and in the interim some transactions took anything from a few extra minutes to an hour longer than usual.

Let's look at the actual effect on the blockchain:



From our average of around ~1750 transactions a day, the network spiked to 3255 transactions on the day of the attack - an 86% increase! Nonetheless, the network survived and handled it quite well.



Block time should average around 60 seconds. As you can see, there was no drastic change in our average daily block time, indicative of the network's robustness as it sought to maintain the 60 second average.



Blockchain growth over August was 6.684mb per day. Because of the attack, blockchain growth over the past two days was 20.326mb (23rd) and 15.05mb (24th). This is a net effect of 13.642mb extra + 8.366mb extra = 22mb more than average over the period.



As a final note of interest, you can see the minor dip in yesterday's block reward, as the block penalty kicked in to prevent too many large blocks being created.

Within the space of about 4 hours we had finalised and deployed a temporary fix that ramped the fee up. Thanks to the hard work and availability of pool operators and exchange operators on a Saturday afternoon/evening, we were able to get a large enough portion of the network to shift over to incorporate the change. Those pool operators that were unavailable in the wee hours of Saturday evening picked up the change on Sunday, and as of Sunday morning the network has recovered completely, bar 22mb of extra unnecessary transactions.

The ramp up to 0.1 XMR fees stopped the attacker dead in their tracks, and gives us a bit of time to regroup and finalise the changes we were making that will permanently prevent this in future.

[1714731357]

1714731357

[1714731357]

1714731357

[1714731357]

1714731357

[dewdeded]

I would like to thank all Monero developers and core team members for their great work. I really have big respect for you guys.

For me, the Monero project seams to be one of the first serious & significant incremental innovation (German: "Verbesserungsinnovation") with great potential, after the break-through basis innovation (of) Crypto-Currency and all it's madness and 1000 projects/meander/trial and error efforts and growing pains scene-wide (scams, BS projects, coins lost, lessons learned...).

Never Stop That Feeling

[statdude]

Update:
Now 59 entries on the list.

Am I correct that this shows the median monero holder on your list currently holds ~20k USD worth of Monero?

Update:


Count         89
Average   10,206
Median       3500

Survey Link:

https://docs.google.com/forms/d/10FFq_viVaY_THsToPNEwgTxrBSGVxW1EzeYPHX_2nuQ/viewform?usp=send_form

[primer-]

Update:
Now 59 entries on the list.

Am I correct that this shows the median monero holder on your list currently holds ~20k USD worth of Monero?

Update:


Count         89
Average   10,206
Median       3500

Survey Link:

https://docs.google.com/forms/d/10FFq_viVaY_THsToPNEwgTxrBSGVxW1EzeYPHX_2nuQ/viewform?usp=send_form

Idiot.

[Toninho]

Update:
Now 59 entries on the list.

Am I correct that this shows the median monero holder on your list currently holds ~20k USD worth of Monero?

Update:


Count         89
Average   10,206
Median       3500

Survey Link:

https://docs.google.com/forms/d/10FFq_viVaY_THsToPNEwgTxrBSGVxW1EzeYPHX_2nuQ/viewform?usp=send_form

Idiot.

[exciter0]

2014/08/24 Monero Blockchain Spam Attack - Post Mortem

Everyone, if you appreciate how the A-Team devs handled this situation as much as I do, please consider sending a small donation their way: https://bitcointalk.org/index.php?topic=700400.0 

[cAPSLOCK]

Idiot.

There are probably far less embarrassing ways to introduce yourself, but I suppose if accuracy is your thing then who am I to judge.

[mmortal03]

Update:
Now 59 entries on the list.

Am I correct that this shows the median monero holder on your list currently holds ~20k USD worth of Monero?

Update:


Count         89
Average   10,206
Median       3500

Survey Link:

https://docs.google.com/forms/d/10FFq_viVaY_THsToPNEwgTxrBSGVxW1EzeYPHX_2nuQ/viewform?usp=send_form

Idiot.

The mean is ~$19.4k now, and the median is ~$6.7k.

[sleepdog]

2014/08/24 Monero Blockchain Spam Attack - Post Mortem



Blockchain growth over August was 6.684mb per day. Because of the attack, blockchain growth over the past two days was 20.326mb (23rd) and 15.05mb (24th). This is a net effect of 13.642mb extra + 8.366mb extra = 22mb more than average over the period.

My blockchain.bin is double the size indicated by your graph (2.15GB), any idea why this might be?
Is there any connection here to why the daemon uses 3.5GB memory? I've had to upgrade my PC from 4 - 6GB so it's usable when the daemon is running.

[zarton]

The windows and linux systems have virtual memory so if you only have 4 gb the system takes hard disk space to use as memory ram. Its not mandatory upgrade the ram to keep loaded the monero blockchain.

[sleepdog]

The windows and linux systems have virtual memory so if you only have 4 gb the system takes hard disk space to use as memory ram. Its not mandatory upgrade the ram to keep loaded the monero blockchain.

It's not mandatory, but by my experience it is necessary to retain a responsive system.

[wedgy2k]

My blockchain.bin is double the size indicated by your graph (2.15GB), any idea why this might be?
Is there any connection here to why the daemon uses 3.5GB memory? I've had to upgrade my PC from 4 - 6GB so it's usable when the daemon is running.

Mine is 2.31 GB and not double, bitmonero v0.8.8.2 (OSX 10.9.4)

(just for reference)

[Miller0]

My blockchain.bin is double the size indicated by your graph (2.15GB), any idea why this might be?
Is there any connection here to why the daemon uses 3.5GB memory? I've had to upgrade my PC from 4 - 6GB so it's usable when the daemon is running.

Mine is 2.31 GB and not double, bitmonero v0.8.8.2 (OSX 10.9.4)

(just for reference)

THX

[Its About Sharing]

The ramp up to 0.1 XMR fees stopped the attacker dead in their tracks, and gives us a bit of time to regroup and finalise the changes we were making that will permanently prevent this in future.

Thanks for the detailed update fluffypony.
I have a general question that would seem to apply to all alts, but perhaps more to XMR.

What if there is an attacker (e.g. bank, large institution or even State) with relatively limitless pockets? It seems to me, there is a bell curve of optimal disruption they can cause, then beyond that, their buying is going to raise the price too much (and even then that might not be so bad). I'm talking worst case scenarios here and again, it would apply to all coins. I just think it is something, of course, we need to watch out for especially, due to the larger blockchain, at least at this time. I understand no coin can perhaps stop a full on attack, due to their design, at least at this time, but it would still be nice to have an understanding of the ramifications (which in part, you have just given us - I'm just talking about amplitudes greater in the attack vector.)

Related, if BTC, Monero, etc. do experience such attacks in the future, is there a way to just prune the attack transactions out of the blockchain? Or another solution?

Thanks in advance,
IAS

ps - Of course I am a holder of Monero. 

[sleepdog]

My blockchain.bin is double the size indicated by your graph (2.15GB), any idea why this might be?
Is there any connection here to why the daemon uses 3.5GB memory? I've had to upgrade my PC from 4 - 6GB so it's usable when the daemon is running.

Mine is 2.31 GB and not double, bitmonero v0.8.8.2 (OSX 10.9.4)

(just for reference)

It's not exactly double, true. As of an hour ago mine is 2.15 GB (2,315,602,066 bytes). No doubt yours is the same. I'm asking if this is normal seeing as the graph provided by the devs shows a size of roughly 1 GB.

[sammy007]

The ramp up to 0.1 XMR fees stopped the attacker dead in their tracks, and gives us a bit of time to regroup and finalise the changes we were making that will permanently prevent this in future.

Thanks for the detailed update fluffypony.
I have a general question that would seem to apply to all alts, but perhaps more to XMR.

What if there is an attacker (e.g. bank, large institution or even State) with relatively limitless pockets? It seems to me, there is a bell curve of optimal disruption they can cause, then beyond that, their buying is going to raise the price too much (and even then that might not be so bad). I'm talking worst case scenarios here and again, it would apply to all coins. I just think it is something, of course, we need to watch out for especially, due to the larger blockchain, at least at this time. I understand no coin can perhaps stop a full on attack, due to their design, at least at this time, but it would still be nice to have an understanding of the ramifications (which in part, you have just given us - I'm just talking about amplitudes greater in the attack vector.)

Related, if BTC, Monero, etc. do experience such attacks in the future, is there a way to just prune the attack transactions out of the blockchain? Or another solution?

Thanks in advance,
IAS

ps - Of course I am a holder of Monero.  

In future, tx fee will depend on tx size. Heavy tx = expensive transfer. Bank, institution? Why big holder will attack their own funds?

[fluffypony]

My blockchain.bin is double the size indicated by your graph (2.15GB), any idea why this might be?
Is there any connection here to why the daemon uses 3.5GB memory? I've had to upgrade my PC from 4 - 6GB so it's usable when the daemon is running.

Mine is 2.31 GB and not double, bitmonero v0.8.8.2 (OSX 10.9.4)

(just for reference)

It's not exactly double, true. As of an hour ago mine is 2.15 GB (2,315,602,066 bytes). No doubt yours is the same. I'm asking if this is normal seeing as the graph provided by the devs shows a size of roughly 1 GB.

At the moment it's not stored efficiently - the key image set and the utxoset are both duplicated separately from the blockchain. This will be more efficiently stored in the database:)

[fluffypony]

The ramp up to 0.1 XMR fees stopped the attacker dead in their tracks, and gives us a bit of time to regroup and finalise the changes we were making that will permanently prevent this in future.

Thanks for the detailed update fluffypony.
I have a general question that would seem to apply to all alts, but perhaps more to XMR.

What if there is an attacker (e.g. bank, large institution or even State) with relatively limitless pockets? It seems to me, there is a bell curve of optimal disruption they can cause, then beyond that, their buying is going to raise the price too much (and even then that might not be so bad). I'm talking worst case scenarios here and again, it would apply to all coins. I just think it is something, of course, we need to watch out for especially, due to the larger blockchain, at least at this time. I understand no coin can perhaps stop a full on attack, due to their design, at least at this time, but it would still be nice to have an understanding of the ramifications (which in part, you have just given us - I'm just talking about amplitudes greater in the attack vector.)

Related, if BTC, Monero, etc. do experience such attacks in the future, is there a way to just prune the attack transactions out of the blockchain? Or another solution?

Thanks in advance,
IAS

ps - Of course I am a holder of Monero. 

It's been done before, even recently with Bitcoin (see the 1Enjoy 1Sochi attack last year). A highly motivated, highly skilled attacker with near limitless resources would benefit far more by combining market manipulation with an organised disinformation / smear campaign. At the moment, those who seek to disrupt little ol' Monero are able to do the latter, but lack the resources to do the former. The only thing you can hope for in future is that market manipulation, controlling more hashrate than half the network, spam attacks, and attempted DoS attacks become so expensive that even our proverbial attacker chooses to walk away from those options. We can't prevent the disinformation / smear campaign, but given how poorly it's going for certain-other-parties right now I don't suspect it to be terribly successful in the future;)

[e-coinomist]

It's not exactly double, true. As of an hour ago mine is 2.15 GB (2,315,602,066 bytes). No doubt yours is the same. I'm asking if this is normal seeing as the graph provided by the devs shows a size of roughly 1 GB.

It is temporarily twice the size in the moment you stop the daemon, and it stores blockchain in a temporary file.

bitmonero-master/src/cryptonote_core/blockchain_storage.cpp
blockchain_storage::store_blockchain()
const std::string temp_filename = m_config_folder + "/" CRYPTONOTE_BLOCKCHAINDATA_TEMP_FILENAME;

For my personal use I changed that, simple added removal of the former chain copy. If that ever failes me, system would have to download whole chain back from beginning. The database is a milestone still ahead, and much awaited (even more so then any GUI)

What if there is an attacker (e.g. bank, large institution or even State) with relatively limitless pockets? It seems to me, there is a bell curve of optimal disruption they can cause, then beyond that, their buying is going to raise the price too much (and even then that might not be so bad). I'm talking worst case scenarios here and again,...

Strange, how the Bad Guy faces have changed. But maybe there wasn't only an attack, but more use of the network? Remember that some mining pools payout in 0.1 XMR slices. So that got perfectly bummed by raising transfer fees onto exactly the same amount!

[sgi02]

I've updated to the latest bitmonerod and simplewallet and now when I try to exit the bitmonerod (with the exit command) it just hangs and I have to manually close the window causing me to have to resync every time I reopen. I deleted the poolstate and p2p files, and the issue still persists. I'm running Windows 64-Bit, any workarounds for this? Thanks!