A ‘bot attack’ hit popular Reddit forums r/Bitcoin and r/BTC in recent days, with several users’ accounts being suspended after being compromised. However, citizen sleuths say there’s reason to believe the attacks were a false flag operation.
One of the First Skirmishes of the Scaling Wars
To be sure, both sides have been guilty of “shots fired.”
But things got confusing days ago on the heels of the first of BCH’s recent price surges, as a bot-driven “upvote campaign” on r/BTC made it seem like the subreddit’s moderators and users were resorting to a trumped-up pro-BCH shill campaign. Meanwhile, BTC’s network congestion hit unprecedented levels.
Yet, according to a seemingly comprehensive investigation by Redditor u/censorship_notifier — moderator of r/noncensored bitcoin, r/noncensored rBitcoin, r/noncensored rbtc — it appears that at least one moderator and Blockstream CTO Greg Maxwell (a.k.a. u/nullc — account since deleted) facilitated the upvote flood on r/BTC himself, in an effort to “victimize” Bitcoin.
First Off: What Happened
On November 14th roundabouts 18:00 UTC, the attack began:
- bots started upvoting posts on r/Bitcoin complaining about fees / network congestion
- bots downvoted 3o post not related to fees / congestion
- a slew of posts on the front page of r/btc were upvoted by bots and hacked Reddit accounts
On the surface, it looked as if a shill campaign was occurring — a campaign apparently aimed at generating new Bitcoin Cash users.
Upon further scrutiny, though, the situation was far more complicated — and nefarious.
The False Flag Argument
In a compelling, fact-based investigation of numerous suspicious comments that appeared as the “bot surge” began, u/censorship_notifier found numerous oddities suggesting that at least one member of the moderator team at r/Bitcoin was a facilitator of the skirmish.
For one, it’s now become clear that a moderator / or automoderator on r/Bitcoin was intentionally approving anti-Bitcoin comments submitted by the bots involved while disallowing all the other regular types of comments that would normally draw the mod team’s ire.
As u/censorship_notifier explained in their report:
“What we did not find was any other examples of anti-r/Bitcoin comments approved or allowed except the comments the bots upvoted.”
“[These comments were] submitted, approved, upvoted, and screenshotted all in less than 180 seconds, as shown by [this] screenshot (“2 minutes” rounds down on Reddit). That is an extremely short time for an automoderated comment to be approved based on what we have observed and in checking other subreddits open modlogs on approvals.”
The suggestion? A moderator was facilitating the visibility of the bot attack, indicating complicity in a false flag attack that involved a simultaneous attack on r/Bitcoin users.
The skirmish also involved the compromising and re-purposing of 35 confirmed Reddit accounts, although forensic analysis suggests as many as 300 accounts were involved. These hacked accounts joined the bots in the acute upvoting and downvoting campaign.
Blockstream CTO Greg Maxwell Alleged to Be Involved
One of the mod-approved accounts that seemed to bolster and corral the bots during the attack was u/4n4n4.
And, per u/censorship_notifier, there’s “a surprisingly large amount of evidence indicating that 4n4n4 is u/nullc [Greg Maxwell], the CTO of Blockstream.”
The citizen sleuth explained:
“The biggest indicator we found is that nullc has the very frequent pattern– of writing–his sentences with two dashes separating words. This by itself is somewhat rare, though we confirmed that he uses it more times than anyone else in [our] database, the much more unusual habit is using two dashes with no spaces on either side. [Our] database stored 860,000 comments for us to compare with, and very quickly confirmed the similarities between the two. His history is littered with examples, but we also used the bitcoin-dev email list to confirm the unusual habit. Like 4n4n4, nullc also has examples of using this–specific pattern twice in one sentence, which was extremely rare in our searches.”
“But there were many more things we noticed. We found several examples of 4n4n4 picking up nullc’s conversations and continuing them. One such case was 4n4n4’s third comment ever. 4n4n4 also referenced many of nullc’s writings and posts. 4n4n4 referenced this code change that originated from nullc multiple times. 4n4n4’s […] used the words “rbtc playbook,” something our database confirmed was extremely rare but is a saying nullc likes.”
But that’s not where the links end. Far from it, in fact.
In numerous ways, u/4n4n4 belies the same experience that Greg Maxwell would have:
A shocking conclusion, of course, but at least one that u/censorship_notifier backed up with countless archived sources.
An Uncompelling Rebuttal?
Relying on roundabout logic, an unverified email from Satoshi Nakamoto’s former address, and the fallacy of “appealing to authority,” nopara73’s rebuttal came off as less than rigorously argued.
Even counter to the stringent pro-decentralization attitudes typically found among Bitcoiners, nopara73 even seemed to suggest at one point that censorship on Reddit was desirable:
“So, can you blame r/Bitcoin moderators for taking a heavy handed approach on moderation, in order to avoid their child turn into a sh*thole, like the other [r/BTC] subreddit?”
This sentiment is up for debate, surely. But it does come across as projective that nopara73 apparently endorses censorship — the act of falsifying the public record — in a post defending r/Bitcoin and alleging that r/BTC is guilty of falsifying the public record.
Note: This Article’s Author a Victim in the Bot Skirmish
On November 14th, I was myself perusing crypto-related subreddits when I observed my profile had upvoted 80 to 90 percent of all the posts on r/BTC’s front page.
I found this very strange, but chalked it up to a glitch from my old and incredibly finicky smartphone.
Later that day, I logged on to my account only to see that it had been suspended. I received this message from Reddit’s admins:
Some background on my crypto/Reddit use for context.
As a cryptocurrency journalist, I subscribed to both r/Bitcoin and r/BTC to routinely check for news tips. I’ve never posted or commented in either subreddit a single time — I was a perennial lurker, as it were.
In the scaling debates, I’ve taken as neutral approach as possible: I believe both off-chain (BTC) and on-chain (BCH) scaling solutions will be needed. I maintain zero percent of my holdings in BTC or BCH, and as an Ethereum enthusiast, I’ve watched the ongoing debates more or less like a Switzerland — from afar.
As such, I have no leads as to why my account was personally targeted as one of the 35 to 300 that were compromised in the recent attack.
One thing is clear, though: the Bitcoin community’s scaling debate could get considerably more toxic if this bot incident is any indication of the future that’s to come.
What’s your take? Do you side with r/Bitcoin or r/btc in the ongoing scaling debate? Is the whole situation tragic, or should there be a clear winner? Sound off in the comments below!
Images via Reddit, Blockstream, Information Security Buzz