$90 000 USD

NOVEMBER 2020

GLOBAL

BITCOIN ASSOCIATION

DESCRIPTION OF EVENTS

"One of these features, the so-called pay-to-script hash (P2SH) function, allows a user to send a transaction by signing it to a “script” rather than a public key address. These scripts create special conditions that must be met in order to access the bitcoins sent to them, and they are most often used in multisignature transactions – or, transactions that require more than one party to approve.

 

Before P2SH transactions came to Bitcoin in 2012, Bitcoin’s only transaction type would send payments to a public key address through the pay-to-public-key-hash (P2PKH) function."

 

"Bitcoin Core developer and former Blockstream CTO Gregory Maxwell posted on Reddit’s r/bsv that BSV developers removed the P2SH feature some time ago from the BSV blockchain’s code. In the ElectrumSV wallet (“and presumably elsewhere,” Maxwell says in the post), developers replaced the feature with a bootleg, BSV-specific version called “accumulator multisig” that utilized P2PKH transactions instead."

 

"According to Maxwell, the code’s architects only checked to see if the multisig transactions would work with the exact number of private keys needed to send the transaction (a multisig wallet requires more than one private key to authorize a transaction). They did not test transactions if more or fewer keys than necessary are present."

 

"In his testing, Maxwell found two significant problems: first, that multisig spends fail if more than the minimum number of keys sign a transaction. Second, anyone could tap the multisig funds “with too few signatures (such as none at all).”"

 

"One BSV user, Aaron Zhou, lost 600 BSV to an attack exploiting this weakness on his multisignature wallet. When enquiring about the loss to a developer in a BSV chatroom, Zhou said that he trusted “it was safe enough” because “it was introduced by CoinGeek,” a pro-BSV media outlet bankrolled by Calvin Ayre, a close friend of BSV creator Craig Wright. By way of response, a developer in the chat chastised Zhou by saying he should only have committed “small amounts” to the wallet."

 

"The fiasco is a reminder that cryptocurrency development comes with trade-offs and requires diligence. BSV’s founders and proponents have marketed it as a payments-focused coin with massive block sizes and blisteringly fast transaction times. To achieve these properties, BSV developers chose to strip Bitcoin’s code of key features. As evidenced by the multisig fiasco, this can come at the expense of security."

 

“Kinda makes you wonder what amazing bugs are lurking in their node software or wallets. I can say for sure: I'm not going to run any of it and risk finding out.”

BSV is a separate token, and its developers took a different path with their multi-signature implementation. Due in part to the controversy surrounding the token, they struggled to find professional reviews of their approach. Due to multiple blunders, they ended up with a setup that allowed multi-sig withdrawals without any private keys at all, and multiple BSV multi-sig wallets were drained.

HOW COULD THIS HAVE BEEN PREVENTED?

Multi-signature exploits are rare and, based on the case history, appear to be preventable through proper professional review and/or by using only established setups that have been around for over a year.
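The boundary cases the quoted account says went untested (fewer and more signers than the threshold) can be checked mechanically with a small harness. This is an added example, not code from ElectrumSV or the BSV project: the HMAC stand-in for signatures, the key names, and both checkers, including the deliberately flawed toy, are constructed for illustration.

```python
import hashlib
import hmac
from itertools import combinations

def sign(secret, msg):
    # Stand-in for a real signature (assumption): HMAC-SHA256 per signer.
    return hmac.new(secret, msg, hashlib.sha256).digest()

def count_valid(msg, sigs, keys):
    # Number of distinct authorised signers whose signature over msg verifies.
    return sum(1 for kid, sig in sigs.items()
               if kid in keys and hmac.compare_digest(sig, sign(keys[kid], msg)))

def strict_checker(msg, sigs, keys, m):
    # Spec: accept if and only if at least m authorised signers signed.
    return count_valid(msg, sigs, keys) >= m

def toy_flawed_checker(msg, sigs, keys, m):
    # Constructed toy flaw, NOT the BSV code: the result defaults to True and
    # is only re-evaluated inside the loop, with == instead of >=.
    ok, seen = True, 0
    for kid, sig in sigs.items():
        seen += count_valid(msg, {kid: sig}, keys)
        ok = (seen == m)
    return ok

def boundary_failures(checker, keys, m, msg=b"constructed tx digest"):
    """Try every subset of signers (sizes 0..n) plus forged signatures and
    return the cases where the checker disagrees with the m-of-n spec."""
    bad = []
    for k in range(len(keys) + 1):
        for subset in combinations(sorted(keys), k):
            sigs = {kid: sign(keys[kid], msg) for kid in subset}
            if checker(msg, sigs, keys, m) != (k >= m):
                bad.append(("valid", k))
    # m signatures that do not verify must never be accepted.
    forged = {kid: b"\x00" * 32 for kid in sorted(keys)[:m]}
    if checker(msg, forged, keys, m):
        bad.append(("forged", m))
    return sorted(set(bad))

KEYS = {"alice": b"k1", "bob": b"k2", "carol": b"k3"}  # constructed 2-of-3 wallet

if __name__ == "__main__":
    print("strict:", boundary_failures(strict_checker, KEYS, 2))
    print("flawed:", boundary_failures(toy_flawed_checker, KEYS, 2))
```

A checker that passes only the exact-threshold case still looks correct in a happy-path test; the harness reports the zero-signer and over-threshold cases as deviations from the spec.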

 
