Bitcoin SV has been one of the most controversial crypto-asset to ever exist. In the latest news, a BSV user reportedly lost nearly $100,000 due to a multisig script bug. The hackers purportedly exploited the network vulnerability in a bid to steal the assets of a user.
Adam Back, the CEO and Co-founder of Blockstream said,
“Wow, that’s a nasty BSV-only bug. Less than or equal instead of greater than or equal (number of signatures in a multisig). Presume they removed the standard p2sh multisig and replaced with this bugged home-brew multisig due to BSV anti-soft fork posturing, to undo soft-forks.”
The exploit was noted by another Blockstream Co-founder, Gregory Maxwell. Following which well-known Podcaster, Ruben Somsen tweeted,
Multisig bug in BSV exploited, funds stolen🍿
BSV ripped out the existing multisig (p2sh) and replaced it with a threshold script that was SUPPOSED to accept X sigs or more, but instead accepted X or LESS (including zero)🤦♂️
Full thread by Maxwell (nullc)https://t.co/RMmITsoHj9
— Ruben Somsen 🌌⛓️ (@SomsenRuben) November 8, 2020
So what happened with Bitcoin SV?
According to Maxwell, BSV ripped out P2SH from their consensus rules which left the Bitcoin SV ecosystem in a situation where they had to “home brew their own multisig crypto”. The solution to this was “electrumsv” which apparently is just a script that looks like a P2PKH [pay to pubkey-hash]. However, it adds up the number of passes and compares them to a threshold.
The exec went on to explain that the consequence was that these scripts had no security at all and furthermore could be spent by a script that sets is to zero valid signatures. While no real funds were lost and that the flaw was likely accidental, Maxwell added,
“Assuming the flaw was accidental, the error could have been avoided with even the most basic testing or review. This situation would have been avoided entirely had BSV not ripped out the competent, time tested, and highly peer-reviewed mechanisms for multisig by Bitcoin in favor of far less efficient homebrew crypto. Yet again, we see that bamboozlement and competence are not good bedfellows. Leave it to BSV to make the YOLO incompetence of ETH land look comparatively reasonable.”
This is not the first time that Maxwell identified a potential bug in BSV. Even in December 2019, that could be executed to steal unsplit funds of BTC users on the Bitcoin SV chain.
Despite the recent turn of events, BSV’s price action has not shown even a little reaction as it continued to move inside the range. At the time of writing, it was being traded at $165.12 after a minor surge of 1.68% over the past 24-hours.