Bitcoin Private has confirmed the allegations made by CoinMetrics, reported by CCN yesterday. Calling them “mathemetically accurate,” the development team says that no one on their team knows where the extra coins wound up. Again, CoinMetrics stated that at least 300,000 of them had already been moved through exchanges.
Due to the low take-up by the Bitcoin community of Bitcoin Private (in which users could essentially have claimed free coins on the BTCP blockchain), this is a significant portion of the overall actual supply of Bitcoin Private, or the supply that is in use.
Bitcoin Private has conducted a full audit of the situation and has determined that the blame is with a single developer. The developer is called airk42. He has not contributed to Bitcoin Private since claiming a bounty and completing an “issue” they had out, which was to tweak the import so that BTCP could “add arbitrary transactions as coinbase inputs at a given block height.”
The developer completes the issue, merges his own code, and is sent his reward. One line of code is missing which allows the fork mine to be exploited due to the nodes not properly verifying the falsified fork blocks. […] The missing line of code is as follows: || tx.vout.size() > 1. We determined this after the CoinMetrics report was released.
Bitcoin Private does not believe the developer in question exploited his own mistake. Instead, they believe an unidentified “bad actor” took advantage of the bug during the establishment of the BTCP blockchain.
During the publicly announced fork mine, a bad actor exploited this bug, creating 2 million coins. It went unnoticed by the contribution team until it was uncovered by CoinMetrics.
According to the official statement on the situation, Bitcoin Private has requested that all exchanges immediately stop deposits and withdrawals of Bitcoin Private.
BTCP Contribution team requested for deposits and withdrawals to be closed on exchanges trading BTCP.
The contribution team is unwilling to point fingers at this time, although despite the use of the shielded addresses, exchanges could potentially reveal the identities if they were legally required to do so. Either a lawsuit or a law enforcement agency would have to bring a valid subpoena against the exchanges which essentially laundered the fake coins.
While Bitcoin Private says it could have been anybody, the odds are high it was someone with an intimate knowledge of the Bitcoin Private codebase, someone who would have been sharp enough to notice the bug and utilize it. It was either the author of the bug, someone in the development team, or someone deeply ingrained in the small community with a strong blockchain development background.
As the code was open source, and the fork-mine was announced on Twitter, anyone with sufficient blockchain development knowledge could have exploited it.
They have “contacted HitBTC,” but HitBTC is unlikely to reveal user information on simple request. Exchanges abide by user agreements which guarantee some level of user privacy. They would be opening themselves up to legal action if they were to easily reveal the identity. Instead, legal channels would be the best option to recover the identity of the hacker.
To fix the issue, Bitcoin Private has announced they will be eliminating all coins held in shielded addresses. This will eliminate the false coins and will also eliminate a number of legitimate coins. It will require a hardfork which essentially rewrites the blockchain, and in the case of transactions sent to exchanges, it might have a negative economic impact.
CoinMetrics has stated they believe less than 20k legitimate BTCP coins exist in shielded addresses along with 1.7–1.8 million illegitimate coins. Our team is favoring an option to hard fork and remove all shielded coins from existence. While this would cause the 20k legitimate coins to disappear, we believe this is preferable to the alternative of leaving the 1.7–1.8 million illegitimate coins in circulation. This would also fix the over-supply issue.
It should be noted that in the original Zcash and Zclassic protocols, it’s possible to move coins out of shielded addresses, to unshielded addresses. Those who hold shielded BTCP coins are advised to do so immediately because the Bitcoin Private contribution team has said they are moving forward with this solution immediately.
There are a couple of potential outcomes.
The first is that the community, including the miners, overwhelmingly agrees with the notion of eliminating all existing shielded coins and thus things move on as Bitcoin Private’s team would like: as if it never happened.
The other is that two Bitcoin Private chains will emerge, one which preserves all of the shielded addresses and one which does not. This is essentially a DAO Hack situation, which resulted in Ethereum Classic, which still exists today and recently saw some price momentum alongside Ethereum.
Another possibility is that this is the end of Bitcoin Private. The community fizzles out and the coin trends toward zero, trading in the sub-cent range. It’s happened dozens of times to other blockchains and is well within the realm of reasonability. Plenty of people have been upset by the revelations, here are a few examples:
The “fix” does not, reportedly, seek to eliminate the creation of shielded addresses, which are the whole point of Bitcoin Private. It just intends to eliminate those coins that are already stored in shielded addresses. Again, as a public service announcement, the author recommends anyone with shielded coins to move them to a transparent address until such a time that the hard fork and update are complete.
It would be interesting if the attacker were to do this.
In short, this story isn’t over. The identity of the attacker is likely to be revealed in the coming months, as grumblings of a lawsuit have been heard.
Featured image from Shutterstock.
Last modified: December 25, 2018 18:41 UTC