Bitcoin Core devs claimed Knots operators were inflating statistics

Bitcoin Core devs falsely claimed this week that almost 40% of Knots nodes — Core’s biggest competitor — had been double counted, giving a false impression of its actual size.

Citing a technical critique of the number of reachable nodes running Knots, they alleged (before deleting many of their posts) that as much as 39% of nodes — 1,758 of 4,468 — were double-counted due to an alleged “sybil attack designed to inflate the number of Knots users.”

For context, the two most popular versions of software for Bitcoin node operators are Core with approximately 80-88% dominance, followed by Knots at approximately 12-19% dominance. 

The exact percentage depends on the estimation methodology.

Read more: Cøbra warns that Knots could threaten Core’s reference status

Claiming 2/5ths of Knots nodes are fake

Bitcoin developer SuperTestnet fueled skepticism on Monday over the quantity of Knots nodes connected to the internet.

He briefly believed he found evidence that node operators were artificially inflating the number of nodes running its software.

Node tracking dashboards like Coin.Dance estimate as much as 19% of nodes on the Bitcoin network are running Knots. However, SuperTestnet alleged that pro-Knots sybil attackers were inflating those numbers.

After de-duplicating the data, he claimed Knots’ real dominance might have been closer to 12.3%.

Other observers were skeptical that any meaningful sybil attack was occurring in favor of Knots.

To the contrary, the rise in Knots nodes might have been “largely all organic” and coincided with purchases of hardware as well as ideological disagreements against Core driving Knots adoption.

Another skeptic of SuperTestnet’s analysis zoomed out to a larger timeframe to visually demonstrate the naturally trending increase in Knots.

A better explanation for ‘most of the recent gap up’

Soon, Bitcoin hardware company Start9 chimed in on SuperTestnet’s analysis, explaining that up to 1,000 of SuperTestnet’s 1,758 suspected sybil nodes were in fact non-sybil nodes from its own storefront.

Start9’s data prompted SuperTestnet to retract most of his earlier claims. CalleBTC, who briefly celebrated SuperTestnet’s dubious statistics, deleted his celebratory post.

A sybil attack against the Bitcoin network involves running fake or duplicate nodes controlled by the same person in order to gain disproportionate influence over statistics or transaction propagation.

People can use sybil tactics to trick users into connecting to their nodes or weighing their influence as more significant than they actually are.

Sometimes, a sybil attack is relatively innocuous. In 2015, for example, some people accused Chainalysis of a carrying out a sybil attack by operating fake nodes to geolocate some Bitcoin users.

Its efforts had nothing to do with affecting transaction propagation or node dominance statistics.

In the case of Knots, if a sybil attack is truly occurring, its leader is probably motivated to advertise Knots as a viable alternative to Core. However, whether there is any sybil attack occurring whatsoever is a matter of ongoing debate.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.