MacCoin — A fake cryptocurrency (Postmortem)
A look back at McMaster Software Engineering’s 2018 Kipling prank
The night before the Ritual of the Calling of the Engineer, each engineering faculty at McMaster University sets up a prank for the rest of the school to enjoy during our special day. Past pranks have included building a bridge on campus, a maze, and a water fountain. Each faculty creates a prank that fits in their field of study, generally making nerdy jokes and showing off some of their building skills.
The coolest pranks in past years have typically been civil engineering ones — they build things that everyone on campus can appreciate and are usually very visible. In my years at McMaster, software engineering’s Kipling pranks have been lackluster, primarily due to them being pretty niche and only understandable by other engineers.
The software class of 2018 decided this year to put our foot down and try to make something that would be funny, accessible, and cool all at once. We decided to take advantage of the cryptocurrency fad and create McMaster’s very own cryptocurrency: MacCoin!
We looked into the possibility of creating an actual cryptocurrency for the school, but decided that doing so would actually make it less accessible to the public of McMaster, which went against the whole goal. Our final design ended up pitting faculties against eachother: each person could align their wallet of MacCoin with a faculty, each of which would appear on a leaderboard on the main page.
The webapp was hosted on maccoin.ca, and let users mine for coins by leaving their browser open to the “mining” page. Every 5 seconds, 10,000 MacCoin would be released split among all active miners — if there were 5 people mining then each would receive 2,000 MacCoin. Wallets were also allowed to send MacCoin to other wallets.
The functionality offered by MacCoin is actually quite similar to the way that a Bitcoin mining pools might function — when a block is successfully mined by the pool, it is split between the members of the pool. While those familiar with the how Bitcoin works will know that the truth is more complex, MacCoin did a good job of abstracting away the more complex aspects and presenting a simplified representation of a regulated currency.
MacCoin was developed by a small group of graduating engineers (credits at the bottom of this article). Development started at 1:00pm on March 22nd and version 1.0 was released to the public at 8:00am on the 23rd (yes we stayed up all night).
Marketing and graphics were all completed on the 22nd — this involved making MacCoin posters and stickers, posting all of them around campus, as well as putting them on the screens of JHE, the engineering building in the middle of campus. By putting them up overnight, it meant that as students came to campus on the 23rd for class, the word spread quickly about McMaster’s new “cryptocurrency”.
Everyone we talked to loved the prank! Most people thought it was a great gag, especially due it’s topical nature.
Here are some juicy usage stats:
We had an email set up that received quite a few emails with support and memes.
We developed MacCoin to only allow mining by browser windows that were actively open and focused. This meant that on one computer, only one wallet could be mining at a time. There were some interesting workarounds to this system. A few members of PhaseOne, McMaster’s community for developers, shared their methods for increasing their mining — including running AWS instances and using custom greasemonkey scripts to fool the browser into believing that all tabs were focused.
We put a significant amount of time into making it difficult to use one machine to mine for multiple wallets, but ultimately without a proper proof of work, we were bound to have people game the system. This is an interesting insight as it relates to the way that actual cryptocurrencies function — proof of work is used to prevent hostile takeover of the blockchain.
Infinite Money Glitch
The project went off to a great start — hundreds of accounts were created as more and more students came to campus and saw the marketing campaign for MacCoin. Students were aligning their wallets with their respective faculties, and as with any cryptocurrency, the early adopters ended up with a lot of coins while late adopters were scrambling for pennies.
Everything was working as intended, including sending money, until 10:53 am when wallet
1ahva tried to send -10,000 MacCoin to a friend. While the system had checks in place to make sure that enough money was available in the sending wallet, we didn’t check to make sure that amount was positive. In our tiredness, we completely missed this glitch and it led to mayhem. By sending negative money, a wallet could steal money from another wallet. In total, 335 negative transactions happened before we put out a patch to fix the bug.
Fixing what was broken
While a bug like ours in a real cryptocurrency would have been difficult to reverse without rolling back the entire blockchain, the fact that MacCoin was completely fake (centralized) allowed us to change transactions and reset wallet balances without affecting all of our users.
We tried a few early methods to undo the damage done. The simplest solution would be to simply reverse all negative transactions. Unfortunately, this wouldn’t fix situations where the fraudulent money changed hands multiple times, as all transactions but the first one would be legit (even though they used stolen money). Another solution was to write an algorithm that would correctly track down the stolen money and return it to the rightful owners. Unfortunately, we were missing a key part of this information to be able to put this algorithm into effect: we didn’t know how much each user had mined. We ended up settling on a different method: going in manually and righting the wrongs.
To help with the process of finding fraudulent wallets, we created some graphs that showed transactions between wallets, to identify where fraudulent money may have gone. Each of these graphs represented a “nest” of wallets that were involved with eachother. Because MacCoin had only been live for a few hours, the majority of these nests were relatively small, such as this one:
This graph only has 2 wallets, and it’s easy to figure out that the correct fix would be to simply reset 74p9c to 0, and give the 300,000 MacCoin that they stole back to xy95u. While this nest is easy to fix, others got more complex very quickly. In all, we had 11 nests, totalling 85 wallets that could have potentially been caught up in fraud. The most complex of these was this one:
In situations like this, it was much more difficult to come to a conclusion, and many of the wallets just ended up being reset to 0.
Overall, the process of building a (fake) cryptocurrency as a graduation prank was fulfilling, exhausting, and hilarious at the same time. The team behind MacCoin hopes that it will go down in history as one of the better Software Engineering pranks at McMaster University — even if it doesn’t, it was a blast to make and really cool to create our own little campus phenomenon. Thanks to everyone who participated in the prank!
Graphics and Branding: Surinder Gill
Writer: Daniel Cefaratti
Development: Jemar Jones, Vicky Bilbily, Yash Gopal, Niko Savas
Marketing: Sharon Platkin, Ocean Cheung, Sydney Lieng, David Hemms, Lucas Bongers, Sam Hamel, Sammy Jackson