Friday, June 27, 2014

Did You Enjoy Sochi? Not According to the Block Chain.

Back during the 2014 Winter Olympics an unknown party sent out 1200 separate satoshi sized transactions to over a thousand separate wallets.  Then these unspent outputs were sent out to other peoples wallets.  Much reddit freaking out ensued.  Astonishingly enough CoinDesk didn't cover the story.  I guess they were too wrapped up with the Mt. Gox saga, a larger investor story for sure. So the best discussions can be found on the tech boards, such as bitcoin talk.

You would think with such a large scatter spray or transactions someone would have cashed in that free money.  Right?  More asonishinly, the answer is no.  Not a single transaction.  But what is left over is the staging that set up the spam spray.  A chart of balance over time shows a narrow range of activity, all deposits no withdraws.
Enjoy Sochi balance over time

Most of the business happened before 10 Feb, specifically between blocks 284500 and 285200.

Enjoy Sochi Main Load Sequence
One question you should be asking however is how do I know the two addresses are tied?  Why am I speaking of them one and the same?  Here's the transaction graph of all of the loads occurring.  (warning: tall chart on load).
Enjoy Sochi Main Load Graph
This is about 600 transaction in two roughly parallel chains, representing all 1200 or so sochi addresses.  Here's a detail for those who don't want to zoom:
Enjoy Sochi Transaction Graph Detail
Each transaction sent two coins/UTXOs one to each of enjoy and sochi.  The change was sent to the same address, and the split went almost the same all the way down.  Except at the highlighted detail one small changes occurred.  The tower took a break between blocks 284840 and 284912, between 8 to 9 hours.  It then reduced the coin size form 129.99 bits to 107.49 bits.

So why don't we see any more evidence on the blockchain?  All of those thousands of transactions to other peoples wallets never confirmed.  After a while the nodes started forgetting about them and not broadcasting them, and eventually all the memory pool was emptied of those transactions.  None of them cleared because the didn't post a fee and never attained high enough priority to be included in a block (presuming the mining pools didn't explicitly bar those transactions).

The greatest loss of information, however, is that I cannot find any of these unconfirmed transactions on the internet, they have all gone to the bit bucket.  None of the block explorers I've seen keep long term records of all the unconfirmed or rejected transactions for all time.  The closest I've found is one that tracks it back to late February, about two weeks after this dust storm blew over.

So what was the motivation behind this?  We may never know.  As a spam attack it caused only negative sentiment and zero monetization.  If the goal was to clog up the free transaction pool I'de say it was a failure.  If any transaction had cleared then you could argue it took up space other transaction could have used, but no such luck.  If it was designed to slow down the transaction processing of the nodes feeding the minors, no one noticed.  These are questions we may never know the answer to.

Monday, June 16, 2014

US Marshals Bitcoin Auction: Not a Clean Wallet Sweep

Last Thursday the FBI announced it would be selling coins associated with the Silk Road not attributed to Ross Ulbricht AKA Dread Pirate Roberts or DPR (here is the US Marshals notice and a Coindesk story).  They claim to be auctioning off 29,656.513 065 29 bitcoins.  They have been kind enough to identify the bitcoin wallet (1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55) that contains the auctioned coins. What's great about bitcoin is you can look into the transactions and see what is going on.  First, lest's look at the activity on the address as a whole:

Silk Road Original Seized Wallet
This is quite the hairball of transactions.  Most for he coins actually seized by the US Marshals Service are stored in larger coins (10BTC to 2,500 BTC).  The bulk of the transactions are blockchain spam, either "marker" coins people claim they can use to track or using it to post random begging, political statements, or pump and dump claims on  Here's the previous graph with all transactions prior to 11 Jun or so stripped out.

Silk Road Seized Wallet Unspent Coins

The green ovals are the leftover dust that the USMS didn't sweep into the auction coins.  I'm not sure why they missed those coins, because when you look at the wallet attributed to DPR it is a very clean sweep.

Here is the same analysis with the wallets believed to be associated with the DPR case (1FfmbHfnpaZjKFvyi1okTjJJusN455paPH / 1i7cZdoE9NcHSdAL5eGjmTJbBVqeQDwgw)
DPR Seized Wallet
Apologies, I had to downsample the image 1:2 to get the image under Blogger's image size limit.  But the organization of the coins is fascinating to explore.  I'm not sure what the obsession with 324 BTC wallets is however.  It places the value in the USD$50,000 range at the time of the movements.

DPR Seized Wallet Unspent Coins
But the old transaction strip is downright readable without scaling.  No stray dust from that sweep.  This makes me wonder why all of the coin spam got swept into DPRs coins but only some into the Silk Road Seizures.