Hive Engine users, for the past several months Hive Engine has been experiencing a consistent spam attack. Malicious users are deliberately putting multiple transactions per block and spamming them from multiple accounts frequently in an effort to delay block processing and disturb regular use of Hive Engine. This has at times knocked witnesses out of rotation, delayed processing times, gotten RPCs off track, and caused other similar problems.
Our first approach to squash this malicious spam was to simply limit the number of transactions that a user could put in a single block. That has been an effective measure to slow the attack, but it didn't fully solve the problem as we've noticed an increase in annoying spam meant to cause delays processing blocks even with this transaction limit per block. These asshats simply made more accounts.
Bot Transaction Fees when doing multiple transactions in the same block
As a second approach we're implementing a transaction fee into hive engine transactions. Human users will not be impacted. This fix is going live on Monday May 26th, 2025. From that day forward any time an account requests multiple transactions in the same block (which is something only bots do) it will carry a 0.001 BEED/tx fee. You need to simply have BEED in your account and the contract will burn the appropriate amount of BEED at the time the multi-tx transaction occurs. If the account does not have the appropriate amount of BEED then the transactions will be denied.
If you don't know what BEED is it's a HBD equivalent for the hive engine platform. Users can burn a dollars worth of $bee (currently near 10 BEE) and receive a $BEED coin designed to have a stable value near $1/BEED. It's similar to how users can convert a certain amount of hive (currently near 4) into 1 HBD. Impacted users can purchase BEED on the market or use the BEE Dollar contract to convert BEE to BEED.
Monthly Cost - 10 BEED
In the near future we'll be increasing the fee per transaction, but also allowing accounts to join a multi-tx exception list on a monthly basis that enables an account to not have to pay this fee. The anticipated monthly cost is 10BEED. The new multi-tx cost will increase to 0.1/TX/block (if you have 18 TX in a block you'll have to pay 1.8 BEED to process it or 10 BEED/Month to join the to list skip the requirement). This is admittedly meant to encourage all the bots to sign up for the monthly cost and help us track the activity of all the bots to make it easier to look for spam, abuse, and harm.
This monthly cost is not meant to be punitive to the current bot users. It's also not meant to impact human users as humans do not perform multi-tx transactions. If your bot can't generate $10 worth of value every month it doesn't make sense for us to host the transactions anyway or you can simply space your bots transactions out over time via single transaction blocks. While this is a minor financial inconvenience to someone with a handful of bots (and actually seems appropriate to charge high transaction volume users a small use fee, fee goes to BEE holders and not @ hive-engine) it is in fact a major financial inconvenience to someone with a large botnet and bad intentions towards Hive Engine as every bot spamming the platform will incur costs.
Throttle list
Further, we're introducing a "throttle list," which brings accounts down to 1 transaction per day. Accounts that are purposefully spamming Hive Engine with repetitive, random, or intentionally harmful transactions which appear to generate no value for Hive Engine or Hive Engine users will be put on the throttle list and may only do 1 transaction per day. Changing witness votes with 200 hundred accounts a thousand times a day per account is an example of a repetitive transactions with no value to hive engine. Bots that have paid for the monthly access simply to spam will find that their access to the list is cut off and their account is instead placed on the throttle list. The goal is not to block or steal assets. The point is to make sure accounts intentionally causing harm are blocked from doing so. We may later include a complete blackout list which would disable all transactions for a fiercely malicious account or botnet of them, but for now our next step is to limit to 1/tx per day.
The throttlelist is part of a contract, and contracts on Hive Engine are centralized. the @ hive-engine account and other accounts deputized by @ hive-engine can add and remove accounts from this list. It is however part of a contract and requires witnesses to allow hive-engine to add or remove names from the list. If I or deputies abuse this or any reason the witnesses deem appropriate they can block the @ hive-engine account, it's deputies, or the contract specifically from being updated. This balance allows for fast reaction time via a centralized authority, but also a distributed authority to make sure the central authority isn't abusing this power to stop bots generally from contracting on the Hive Engine platform.
This still leaves the possibility that one bad actor may create a hundred thousand accounts and spam 1 transaction per account per day, but there other costs associated with creating and enabling 100,000 accounts such that we think the risk is currently low for that kind of attack.
Thanks
I'd like to thank the witnesses generally for their discussion on this topic as we designed a system with low impact on human users that could stop malicious bots from their network spam. I would like to thank endecs, bamlolx, and drewlongshot for coding this update, and eonwarped for reviewing and helping to implement it.
If you feel that you or your bot are going to be adversely affected-
- You can move your bot to single transactions and not face any fees.,
- You can hold BEED in your account and pay the 0.001 BEED fee per transaction you log in a single block,
- You can contact me directly to be added manually to the multi-tx exception list where if you're on it your account does not have to pay the 0.001 BEED fee per transaction in a block (we're adding the feature where you can pay 10 BEED per month or in advance and keep your spot on this list, but it's all manual as of the deployment in a week),
- You can stop your bot if it's not producing 10 BEED worth of value in a month but doing tens of thousands of transactions,
- You can stop purposefully spamming us with worthless transactions simply to cause harm to the platform, or continue to do it for fun but with a new price for that enjoyment.
Minor Update
We've received some initial feedback on our plans and are adapting slightly. Many well meaning community bots distribute rewards and are heavily reliant on tokens-stake, tokens-transfer, and tokens-issue. Upon initial release we're excluding those three transaction types from the from mult-tx fee requirements.
These specific transactions are all lightweight in terms of processing time and are not a suspected primary attack vector. We'll monitor after initial roll out, and if we decide to ultimately include these 3 token contract actions we'll give 30 days or more notice at such time.
This is wrong. At NFTMart, we implemented features by having users perform actions that require using multiple operations to build a bigger transaction. It makes it possible for users to work with more cards on their games at once and this will remove their ability to do that.
The statement could be interpreted inaccurate, but the objective of stopping endless spam is not "wrong."
We're looking at excepting some of the NFT tokens transfer operations to start. That likely solves your specific problem in the immediacy. The long term however is almost certainly going to include a fee whenever there is a multi-tx transaction unless an account has subscribed to the multi-tx exception list. We'll hopefully have constructive comments during an open period of discussion following the V1 implementation regarding how to do this.
Claiming that it doesn't affect users is complete false or lie or hypocrisy, or sign that you don't understand own platform, or just stupidity...
You just wrong. Obviously it affects all the apps and humans. Look how partial are your updates, like every time you write in future you going to make it better. This is sign that it's wrong direction, you do proper change not half change and act like you going to do follow ups to make it better, common, that's very weak, every few months you do change that breaks projects and fix nothing... I can already imagine how fast you improve it.
You just going to complicate process to the point that making projects with engine will be impossible. Generally my experience with engine is that you sabotage creators, devs, you don't care much, don't listen, act way too late, act blindly. How many times I can fix my project after you breaking it...
Imagine same changes applied to splinterlands, and users paying fees for transfering cards to other users? Users can transfer 20 cards every 3 second? All manually ? like transfering 200 cards to other players take 10 manual transactions every 3 seconds ? like users sits for few minutes and fill form every next block to do next transfer?
Is distribution of rewards like basic transfers affected too? Now I should distribute rewards to users by 500 single txes instead of doing few txes with 20 transactions?
how I explain this to my users that they need to pay extra fees for transfering nfts or buying nfts? How you print nfts to users as project? You pay fees twice to print nfts as creator?
How do you run custom bids for nfts market cause engine never did so, and we did for our projects an you kill it, so stupid...
It's all based on wrong assumptions...
Sad reality is that in last few years you did nothing for your users. You just wake up every few months to make it harder for users.
Few months ago I asked you to use engine power(close to 2M hive power) from staked users funds, for some delegations to engine projects so it's easier for them to exist and you completely ignored me while dropping 20$ votes on mooncart shit posts... It's worth to understand that supporting others do something good for platform, and it's not hard...
Maybe this extreme ignorance and hypocrisy is the reason why people attack your platform? You act likie you want me delete my app and attack your platform? I can. I can do some dirty actions next time you break my app and situation will get much more fun...
This was very long. I noted insults. I noted complaints. I noted villain-arc threats.
I didn't note helpful suggestions or requests.
Let's do this, when you're in an emotional spot where you can act professionally why don't you message me in Discord with suggestions or requests and I'll see what I can do.
This feels very much like the quick and dirty way of solving problems that we used to see from steemit inc back in the day. I remember their brutal rate-limit implementation killing many asyncsteem (python 2 lib) cron scripts and some scripts.
The L1 has pretty much solved problems like this with this with the RC system, that doesn't have devs chasing after the capricious whims of platform devs.
Have you considered implementing something akin to the L1 RC system in engine?
The new change that requires paying BEED for multi-transactions in a block will also affect users. On my platform Hive NFTs and Rising Star Utils users often use multi-transactions when buying/selling/transferring NFTS.
I'd highly recommend making operations require a explicit "fee pay" operation so users don't just start losing balance on applications that are already running with such short notice.
I feel in some situations this is fine, but this definetely impacts players.
Sending/buying/placing on sale/cancelling sales for more than 50nfts at a time can be very normal, and this will impact normal players.
As an ordinary human non-bot user of Hive Engine (or Tribe tokens via other HE front ends), I approve of this idea 😀
On a totally different topic..... is it ever likely that BEED will bring in enough in fees for it to pay interest on staked amounts in a similar way to HBD ?
Value of BEED as fees will accumulate to BEE holders. To make BEED you have to burn BEE. So, BEE holders may get rewarded, and BEED is not a money making token in and of itself.
Thanks for the quick reply ! That makes sense - I think BEE is hugely underrated, so anything which draws more attention to it is a good thing 😀
Fuck the asshats!
Good job Aggroed and team :D
Good work!
I remember waiting for days to get a swap because of their spam attacks.
Very good! Hearing more about improvements to hive-engine is great, making me think about the posibility of running a witness once again.
I had lost faith and interest in h-e with it being in perpetual maintenace mode, perhaps now is a good time to being supporting the ecosystem more.
We are likely to see more of this. A system with cheap or free transactions is vulnerable to attack. I hope this resolves the issue.
Hive make me study, love this.
Great idea. It's annoying to be trading against bots that automatically place bids and asks just above yours.
Very good Hopefully things will go better in the future
Congratulations @aggroed! Your post has been a top performer on the Hive blockchain and you have been rewarded with this rare badge
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPI pray the equation is balanced to avoid affecting users unknowingly.
Nice
IME centralization leads to corruption without exception.