Bitcoin gets Stoned: How one anonymous prankster tried to crash BTC
In 2014, Microsoft virus scanners were detecting viruses in Bitcoin software
Art by Crystal Le
This is a segment from the Supply Shock newsletter. To read full editions, subscribe.
Bitcoin has its enemies.
Environmental alarmists, stubborn central bankers and out-of-touch politicians would surely count, even if their ranks have thinned in the past few years.
There’s also the odd boomer economist who would still jump at the chance to suggest that bitcoin has no intrinsic value and embodies the greater fool theory, if it meant extra engagement.
All those archetypes are great heels that routinely serve as sounding boards for Bitcoin discourse.
There are also those who’ve attacked Bitcoin out of boredom, curiosity or just for fun. Which I suppose is somewhat cooler.
This is the tale of one such punk hellbent on disrupting Bitcoin as best they could.
On This Day — Bitcoin gets Stoned
This story starts all the way back in 1987, more than two decades before Bitcoin.
It’s believed that an unknown student at the University of Wellington in New Zealand had developed malware known as Stoned, one of the first ever computer viruses.
Stoned was an early boot virus, a category which infects the boot sector of a hard drive or removable media (mostly floppy disks back then), altering how computers initially load their operating systems and run other necessary start-up functions.
It was technically a novel virus, but in reality, Stoned was more of an elaborate prank.
An infected machine would have a one in eight chance of loading a screen that would simply display a pro-pot message:
“Your PC is now stoned! LEGALIZE MARIJUANA!”
Check the bottom right corner — you’ve been Stoned!
Twenty-seven years later, on May 15, 2014, a pseudonymous Windows 7 user reported a worrying false positive from their Microsoft Security Essentials package.
Microsoft’s built-in antivirus software had detected Stoned’s virus signature in Bitcoin’s blockchain data, leading to constant annoying popups and even deletion of all relevant files.
That included removal of the complete copy of the chain’s history required to sync nodes, which was almost 19 GB large at the time, data that would be automatically re-downloaded by the Bitcoin client.
It didn’t make any sense for Stoned to have really infected Bitcoin Core. The virus’s code would be completely benign, even if it were somehow written to the chain in its entirety.
The running theory was that perhaps by some statistical anomaly, Bitcoin’s hash function for its block headers had somehow generated enough of Stone’s hexadecimal byte sequences for Microsoft’s malware scanner to recognise it as the actual virus.
Microsoft then quickly patched Security Essentials to ignore the curiosity.
The smoking gun only came about six weeks later, by way of IT professional Didier Stevens. It was not a hoax: Someone had intentionally attempted to bring down Bitcoin nodes.
Stevens had discovered a series of transactions from April 4, 2014 featuring outputs containing identical byte sequences to ones inside Stoned’s code.
Meanwhile, two days earlier, a Pastebin post by an anonymous author had outlined a method of spamming the Bitcoin specifically to trigger false-positives from antivirus software.
They wrote: “Spamming the bitcoin database with virus signatures will cause havoc. Some antivirus-programs will delete the database locally, others will deny their bitcoin-client access to the databases.”
“Some won’t be able to start their bitcoin-clients again (and can’t understand why). Some will format and reinstall their computer…to once again get ‘infected’ when they get a bitcoin client again.”
Next, panic would strike “computer n00bs” alongside rumors that Bitcoin is spreading viruses. Then, chaos, with the media dramatizing the situation.
“The value of bitcoins will drop hasty…Please help spamming the bitcoin database with virus signatures :)”
Stoned bytecode was injected into Bitcoin’s chain data within about a day of the post.
Of course, there was no widespread panic. The price of bitcoin never crashed in relation to the prank, and there wasn’t a noticeable drop in hash rate due nodes being knocked offline.
But there were forum threads about it, as well as media headlines, blogs and other posts, including this one, 11 years later. That’s gotta count for something.
— David
From The Pod
These days, Bitcoin is increasingly divided over whether spam, not unlike the Stoned bytecode, is, in fact, a virus.
“We’ve always been hostile to the shitcoiners when they invade. Make no mistake, they are invading right now and we should be hostile to them again.”
Those are the passionate words of Chris Guida, a Bitcoin ecosystem developer in favor of stopping non-standard data from ever making it to the chain via the ever-polarizing OP_RETURN field.
In today’s epic two-hour episode of Supply Shock, Guida and host Pete Rizzo cover the spam filter debate, miner incentives, the realities of decentralization in modern day Bitcoin and other spicy topics.
“It’s called a filter and not a wall because some things are going to slip through. That’s okay, the point of spam filters is to raise the cost of spamming so that the worst offenders, things like BRC20s that had huge transaction volume at the peak, can’t happen.”
Check out the full episode on YouTube, Apple Podcasts and Spotify.
Get the news in your inbox. Explore Blockworks newsletters:
- The Breakdown: Decoding crypto and the markets. Daily.
- 0xResearch: Alpha in your inbox. Think like an analyst.
