Better use the original … and keep patching promptly.
A severe bug discovered just weeks ago in bitcoin’s code has been exploited – albeit on a lesser-known cryptocurrency.
The developers behind the pigeoncoin cryptocurrency confirmed the exploit to CoinDesk on Tuesday, reporting that an unknown attacker successfully took advantage of the bug on September 26th, showcasing in the wild how it could have been used on bitcoin by printing 235 million coins worth about $15,000.
That’s because while the severe inflation bug was patched on bitcoin, other coins that have borrowed bitcoin’s public code over the years are still vulnerable (if they haven’t corrected their code). If exploited, the bug gives an attacker the ability to print as many coins as they want, going even above the hard-coded limitations on supply cryptocurrencies often have and decreasing the value of all the other coins investors hold.
Set apart by its X16r mining algorithm, pigeoncoin is not exactly a big cryptocurrency, not even ranking in the top 1,000 in terms of how valuable it is compared to others on CoinMarketCap. Still, the attack may be no less impactful on its efforts to use a blockchain to “end abusive data collection.”
With a total supply of 970 million pigeoncoins, the attacker was able to print an amount equal to one-fourth of all publicly traded pigeoncoins, prompting one of the only exchanges to support the currency, CryptoBridge, to temporarily suspend trading while developers moved to enact a fix.
After the inflation was detected, developers of the coin quickly released a software fix borrowing from the code bitcoin developers put out a couple of weeks ago. “Pools and exchanges must upgrade immediately to resolve a double-spend exploit derived from bitcoin source,” the notes for the fix explain.
But while users might not particularly care about what happens to the little-known coin, the exploit has wider implications for the cryptocurrency world.
Cryptocurrency developer Scott Roberts argued that the main takeaway from this event is that the bitcoin bug was really as bad as it sounded:
“Mainly it’s just nice to know for sure by this example that coins in the wild were really vulnerable. It was not just some vague theoretical problem.”
Now the bug is fixed, observers are wondering what the attacker will do and whether he or she will successful be able to trade their gains for fiat money. In order to do so, the attacker most likely will need to convert their pigeoncoin into another cryptocurrency that’s more widely accepted.
“Many of us are now waiting to see what happens with the hacked coins and if there’s going to be a dump soon,” pigeoncoin developer Michael Oates told CoinDesk.
The community is following the events closely in the pigeoncoin Discord chat channel. “My guess is the funds won’t move for a few days. It would be stupid to try and move them all at once,” Oates added on Discord.
The other big concern is, if pigeoncoin was attacked, what about other coins that have cloned bitcoin’s code?
“It would be interesting to see how many coins suffered an attack due to [the] bug,” Roberts told CoinDesk, adding that pigeoncoin is the only one he knows has been exploited so far.
Still, Roberts added that many cryptocurrencies, such as bitcoin gold and litecoin, have now upgraded, so hopefully the same attack won’t be executed on other coins.
“It looks like most coins have already updated, so it’s not likely to be a problem.”