Anonymous Crypto Prankster Attempts to ’Stone’ Bitcoin—Market Barely Blinks

Bitcoin’s latest stress test came from an unlikely source: a pseudonymous bad actor flooding the network with junk transactions. The ’stoning’ attack—named after the blockchain equivalent of a DDoS—briefly spiked fees but failed to derail the world’s most battle-hardened cryptocurrency.

How it worked: The attacker exploited Bitcoin’s fee market mechanics, spamming the mempool with low-value transactions. Miners simply prioritized higher-fee payments—proof that even when you try to break it, Bitcoin’s incentives stay ruthlessly efficient.

The aftermath? A 12-hour fee spike and collective shrug from traders. Meanwhile, Wall Street hedge funds continue charging 2-and-20 for returns Bitcoin achieves by... existing.

On This Day — Bitcoin gets Stoned

This story starts all the way back in 1987, more than two decades before Bitcoin.

It’s believed that an unknown student at the University of Wellington in New Zealand had developed malware known as Stoned, one of the first ever computer viruses.

Stoned was an early boot virus, a category which infects the boot sector of a hard drive or removable media (mostly floppy disks back then), altering how computers initially load their operating systems and run other necessary start-up functions.

It was technically a novel virus, but in reality, Stoned was more of an elaborate prank. 

An infected machine would have a one in eight chance of loading a screen that would simply display a pro-pot message: 

“Your PC is now stoned! LEGALIZE MARIJUANA!”

Twenty-seven years later, on May 15, 2014, a pseudonymous Windows 7 user reported a worrying false positive from their Microsoft Security Essentials package.

Microsoft’s built-in antivirus software had detected Stoned’s virus signature in Bitcoin’s blockchain data, leading to constant annoying popups and even deletion of all relevant files.

That included removal of the complete copy of the chain’s history required to sync nodes, which was almost 19 GB large at the time, data that would be automatically re-downloaded by the Bitcoin client.

It didn’t make any sense for Stoned to have really infected Bitcoin Core. The virus’s code would be completely benign, even if it were somehow written to the chain in its entirety. 

The running theory was that perhaps by some statistical anomaly, Bitcoin’s hash function for its block headers had somehow generated enough of Stone’s hexadecimal byte sequences for Microsoft’s malware scanner to recognise it as the actual virus.

Microsoft then quickly patched Security Essentials to ignore the curiosity.

The smoking gun only came about six weeks later, by way of IT professional Didier Stevens. It was not a hoax: Someone had intentionally attempted to bring down Bitcoin nodes.

Stevens had discovered a series of transactions from April 4, 2014 featuring outputs containing identical byte sequences to ones inside Stoned’s code.

Meanwhile, two days earlier, a Pastebin post by an anonymous author had outlined a method of spamming the Bitcoin specifically to trigger false-positives from antivirus software.

They wrote: “Spamming the bitcoin database with virus signatures will cause havoc. Some antivirus-programs will delete the database locally, others will deny their bitcoin-client access to the databases.”

“Some won’t be able to start their bitcoin-clients again (and can’t understand why). Some will format and reinstall their computer…to once again get ‘infected’ when they get a bitcoin client again.”

Next, panic would strike “computer n00bs” alongside rumors that Bitcoin is spreading viruses. Then, chaos, with the media dramatizing the situation. 

“The value of bitcoins will drop hasty…Please help spamming the bitcoin database with virus signatures :)”

Stoned bytecode was injected into Bitcoin’s chain data within about a day of the post.

Of course, there was no widespread panic. The price of bitcoin never crashed in relation to the prank, and there wasn’t a noticeable drop in hash rate due nodes being knocked offline.

But there were forum threads about it, as well as media headlines, blogs and other posts, including this one, 11 years later. That’s gotta count for something.

— David

From The Pod

These days, Bitcoin is increasingly divided over whether spam, not unlike the Stoned bytecode, is, in fact, a virus.

“We’ve always been hostile to the shitcoiners when they invade. Make no mistake, they are invading right now and we should be hostile to them again.”

Those are the passionate words of Chris Guida, a Bitcoin ecosystem developer in favor of stopping non-standard data from ever making it to the chain via the ever-polarizing OP_RETURN field. 

In today’s epic two-hour episode of Supply Shock, Guida and host Pete Rizzo cover the spam filter debate, miner incentives, the realities of decentralization in modern day Bitcoin and other spicy topics.

“It’s called a filter and not a wall because some things are going to slip through. That’s okay, the point of spam filters is to raise the cost of spamming so that the worst offenders, things like BRC20s that had huge transaction volume at the peak, can’t happen.”
Check out the full episode on YouTube, Apple Podcasts and Spotify.

• The Breakdown: Decoding crypto and the markets. Daily.
• Empire: Crypto news and analysis to start your day.
• Forward Guidance: The intersection of crypto, macro and policy.
• 0xResearch: Alpha directly in your inbox.
• Lightspeed: All things Solana.
• The Drop: Apps, games, memes and more.
• Supply Shock: Bitcoin, bitcoin, bitcoin.