The BTC (BTC) ecosystem is once again rattled by controversy as accusations fly between core developers, miners and node operators over a coordinated effort to undermine , an alternative implementation of BTC Core. What started as a series of mocking remarks and a leaked live video has escalated into claims of an actual against users running Knots nodes, threatening the decentralized nature of BTC itself.
BTC Knots Nodes Face Attack By Core Devs
Luke Dashjr, Core developer and CTO of Ocean Mining has raised alarms on X social media, users to take extra precautions as bad actors were targeting individual Knot nodes. Dashjr shared a video showing admitting to an attack on Knot nodes.
The CTO highlighted the risk of bandwidth exhaustion, advising users to configure their “maxuploadtarget” setting to mitigate damage from the alleged attack. This warning came amid a growing storm of reports that were overwhelmed with repeated Initial Block Download (IBD) requests—an exploit that forces nodes into a loop of data-heavy syncing.
Anton, a BTC miner at Ocean, shared Understandings on the video shared by Dashjr, that it showed BTC Core developers laughing almost hysterically about the alleged attacks. The footage featured ‘PortlandHODL,’ creator of Marathon’s Slipstream—a transaction-relay service tied to the MARA BTC mining pool—bragging about abusing bandwidth-limited Knots nodes.
According to Anton, this was not just trolling but a calculated sabotage attempt designed to discredit Knots and its users. He urged BTCers to push back against what he as “malicious actors with zero concern about consequences” and to support Ocean pool and Knots instead to preserve .
Consequently, the backlash was swift, with various crypto community members the core developers for the alleged attack. A pseudonymous figure, ClioBTCBanks.sats, on X to scripting automated IBD requests against multiple Knots nodes, even boasting about disguising them as fresh installs. He the act not as an attack but as “defensive return fire” aimed at humiliating Knot operators.
BTCMonk, a miner and Knots runner, the core developers allegedly involved in the attack. He accused PortlandHODL and his peers of openly mocking pleb node operators while . To him, the attacks were evidence of a deeper agenda to weaken and push for adopting “malware” updates in Core v30.
Knots Attack Denied Amid FBI Involvement
As discontent mounted, some crypto community members escalated the matter further by tagging federal authorities. One user that DOS attacks are illegal under US law and urged to investigate individuals such as PortlandHODL for orchestrating the IBD floods.
Interestingly, the narrative took an unexpected twist when one of PortlandHODL’s peers, known as ‘Wicked’ on X, the accusations entirely. In his view, the creator of Slipstream had never attacked at all. Instead, Wicked the entire scandal was an elaborate act of “trolling” that successfully baited Knots supporters into outrage.
According to him, the supposed “attack” was nothing more than banter, and the overreaction—including calls to involve the FBI—only underscored how easily the other side could be provoked.
