On December 23, 2018, CoinMetrics released an article purporting a recent discovery concerning the Bitcoin Private fork. Per the report, an independent third-party technical audit uncovered that a large quantity of Bitcoin Private coins (approximately 2 million BTCP) were allegedly created during the fork-mine. Upon public release of the article, our Core Team of developers immediately launched an investigation to ascertain whether or not the alleged findings of an additional amount of BTCP coins were true. It should be noted that the BTCP Contribution Team had no prior knowledge of these reports before they were released to the public.
After performing our own due diligence, Bitcoin Private can officially say with certainty that these findings are mathematically accurate. However, at this time, the source, purpose, and recipient of this exploit is currently unknown to the Bitcoin Private Contribution Team.
What Really Happened?
Per the findings of our internal audit, the following is an accurate timeline of events pertaining to the underlying issue set forth in the CoinMetrics report:
- A bounty for a specific issue was posted, which can be seen here: https://github.com/BTCPrivate/BitcoinPrivate/issues/3
- A developer accepted the bounty, becoming a BTCP developer. He was promoted to a contributor on GitHub, allowing him to merge pull requests.
- The developer completes the issue, merges his own code, and is sent his reward. One line of code is missing which allows the fork mine to be exploited due to the nodes not properly verifying the falsified fork blocks. The code can be found here and was merged on January 5: https://github.com/BTCPrivate/BitcoinPrivate/pull/27/files#diff-7ec3c68a81efff79b6ca22ac1f1eabbaR3363. The missing line of code is as follows: || tx.vout.size() > 1. We determined this after the CoinMetrics report was released.
- After collecting the bounty, the developer in question stopped working on the BTCP project. The contribution team has not heard from him since January. We have reached out to him for comment.
- During the publicly announced fork mine, a bad actor exploited this bug, creating 2 million coins. It went unnoticed by the contribution team until it was uncovered by CoinMetrics.
- Coinmetrics notices something is not correct with the supply. They investigate and uncover the exploit.
- BTCP Contribution team begins it’s own investigation to uncover the bad actor and determine the best way to move forward.
- BTCP Contribution team requested for deposits and withdrawals to be closed on exchanges trading BTCP.
The fundamental benefit of open source development is that ability for contributors of the community to to view and help fix the code. This worked in favor of Bitcoin Private when a particular developer discovered an exploit in our code that would have allowed anyone to mine the SegWit coins, which we were able to patch within 24 hours. Unfortunately, however, open course development has its negative attributes as well: the person who discovered the fork-mine vulnerability acted in bad faith and willfully opted not to report it. As the code was open source, and the fork-mine was announced on Twitter, anyone with sufficient blockchain development knowledge could have exploited it.
Bugs are something we dealt with significantly during the month of February leading up to the fork. Much of the code work performed in January was by open source developers who wrote their code, collected their bounty, and subsequently left the Bitcoin Private Development Team. After performing extensive code review in late January in preparation for the BTCP fork, a number of bugs were uncovered and rectified before the fork occurred in the best interests of protecting community members and the project itself. One such bug that was resolved was a serious issue found within the original 2-way replay protection code which took weeks to fix. While we regret that all the bugs in Bitcoin Private source code were not discovered prior to the fork, technological instances such as this are common in this space, and it is unfortunate that the bug was not remedied in time despite the diligent efforts put forth by the entire Bitcoin Private development community.
Unbeknownst to Bitcoin Private, approximately two (2) million BTCP coins that were never intended to exist on the blockchain chain were created and moved to a shielded address. According to CoinMetrics, as much as 300,000 illegitimate BTCP were deshielded, though it is unclear at this time if these coins were sent to an exchange or used/stored elsewhere.
While it is not beneficial for a bug such as this to exist, in the case of Bitcoin Private, this particular exploit could only be taken advantage of during the fork mine, which already occurred earlier this year. Therefore, it is impossible for this particular bug exploit to occur again, nor can it be further exploited.
Who Did It?
Because the fork mine was public, anyone with a sophisticated working knowledge of blockchain development could have exploited the code bug. At this point, the only thing we can be sure of is that the BTCP Contribution Team did not know about the exploit until it was uncovered by CoinMetrics.
We have contacted HitBTC about the situation and are hopeful that the bad actor might be uncovered. The CoinMetrics team has been included in this email for full transparency. We are hopeful that with their forensic expertise in blockchain, we will be able to find the bad actor, expose them, and report them to the proper authorities. If suggested by CoinMetrics, we are willing to contact any and all exchanges as needed to uncover the truth of the matter.
What Else Can We Do?
While the coins exist, we do have options to fix this. We have come up with two potential plans and would like to hear community feedback on the options:
- CoinMetrics has stated they believe less than 20k legitimate BTCP coins exist in shielded addresses along with 1.7–1.8 million illegitimate coins. Our team is favoring an option to hard fork and remove all shielded coins from existence. While this would cause the 20k legitimate coins to disappear, we believe this is preferable to the alternative of leaving the 1.7–1.8 million illegitimate coins in circulation. This would also fix the over-supply issue.
- We could perform a hard fork to remove all unmoved coins, which we believe to be greater than 12 million BTCP. This would fix the supply issue, but would not remove the illegitimate coins.
WE INTEND TO PROCEED WITH CODING OPTION #1 IMMEDIATELY. If we see consensus from the community on moving forward with this option, then the hard fork will be coordinated and initiated as soon as possible. It is possible that the bad actor could begin moving those coins out of the shielded pool to avoid their destruction. In a worst case scenario, we could use a snapshot of the chain just prior to deshielding the 1.7 million coins and roll the chain back in time. We hope we will not have to do this but will continue to monitor the chain. In the meantime, we request that all exchanges close deposits and withdrawals of BTCP to mitigate any damage that could be done to the network. WE ALSO SUGGEST THAT ALL USERS PROCEED WITH CAUTION NOW WHEN MOVING COINS.
Bitcoin Private wants to officially thank the CoinMetrics team for uncovering the exploit. We have opened a line of communication with CoinMetrics with the intentions of working in concert to uncover more about what transpired and how to we can prevent anything like this occurring in the future. Not just for Bitcoin Private, but for the cryptocurrency community as a whole.
We want to remind the community that the BTCP Contribution Team rewards users for finding bugs in the code and reporting them, with the reward reflective of the severity of the exploit. We encourage the Blockchain Community and the general public to report any potential bugs or exploits to email@example.com or through our GitHub repo: https://github.com/BTCPrivate.