Bitcoin Chain Fork Double Spend Incident: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/bitcoinchainforkdoublespendincident.php}} {{Unattributed Sources}} thumb|Bitcoin Talk ForumA larger-than-usual block with more transaction inputs was mined and broadcasted, causing a fork in the Bitcoin blockchain. Bitcoin 0.8 nodes managed this well, but pre-0.8 nodes rejected it, resulting in an unexpected split. The 0.8-incompatible chain held about 60% of the mining ha...")
 
(Another 30 minutes. Review of the BIP and tracing back the history of the BIP. Updated with information from the bitcoin wiki. Removed a broken source link which couldn't be found in any archive. Structuring information from the about section to other relevant sections.)
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/bitcoinchainforkdoublespendincident.php}}
{{Case Study Under Construction}}{{Unattributed Sources}}
{{Unattributed Sources}}


[[File:Bitcointalk.jpg|thumb|Bitcoin Talk Forum]]A larger-than-usual block with more transaction inputs was mined and broadcasted, causing a fork in the Bitcoin blockchain. Bitcoin 0.8 nodes managed this well, but pre-0.8 nodes rejected it, resulting in an unexpected split. The 0.8-incompatible chain held about 60% of the mining hash power, preventing an automatic resolution. To restore a canonical chain, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7, making the majority hashpower favor the chain without the larger block, eventually causing 0.8 nodes to reorganize to the pre-0.8 chain. During this period, there was a notable double spend, but it was an experiment rather than a malicious act.
[[File:Bitcointalk.jpg|thumb|Bitcoin Talk Forum]]A larger-than-usual block with more transaction inputs was mined and broadcasted, causing a fork in the Bitcoin blockchain. Bitcoin 0.8 nodes managed this well, but pre-0.8 nodes rejected it, resulting in an unexpected split. The 0.8-incompatible chain held about 60% of the mining hash power, preventing an automatic resolution. To restore a canonical chain, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7, making the majority hashpower favor the chain without the larger block, eventually causing 0.8 nodes to reorganize to the pre-0.8 chain. During this period, there was a notable double spend, but it was an experiment rather than a malicious act.


This is a global/international case not involving a specific country.<ref name="newsletter-11414" /><ref name="bips-11433" /><ref name="newsletterarchive-11417" /><ref name="bitcointalk-11434" />
This is a global/international case not involving a specific country.<ref name="bips-11433" /><ref name="newsletterarchive-11417" /><ref name="bitcointalk-11434" />


== About Bitcoin ==
== About Bitcoin ==
"A block that had a larger number of total transaction inputs than previously seen was mined and broadcasted. Bitcoin 0.8 nodes were able to handle this, but some pre-0.8 Bitcoin nodes rejected it, causing an unexpected fork of the blockchain. The pre-0.8-incompatible chain (from here on, the 0.8 chain) at that point had around 60% of the mining hash power ensuring the split did not automatically resolve (as would have occurred if the pre-0.8 chain outpaced the 0.8 chain in total work, forcing 0.8 nodes to reorganise to the pre-0.8 chain).
Bitcoin is the largest and first blockchain network, originally launched by an anonymous founder Satoshi Nakamoto.


In order to restore a canonical chain as soon as possible, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7 so their pools would also reject the larger block. This placed majority hashpower on the chain without the larger block, thus eventually causing the 0.8 nodes to reorganise to the pre-0.8 chain."
=== About Gavin Andresen ===
Gavin Andresen is one of the lead developers for the bitcoin blockchain.


"During this time there was at least one large double spend. However, it was done by someone experimenting to see if it was possible and was not intended to be malicious."
== About BTC-e ==
BTC-e was one of the largest historic exchanges prior to [[BTC-e Assets Seized By US Authorities|it's shutdown by authorities in 2017]].


"Because max-sized blocks had been successfully processed on the testnet, it did not occur to anyone that there could be blocks that were smaller but require more locks than were available. Prior to 0.7 unmodified mining nodes self-imposed a maximum block size of 500,000 bytes, which further prevented this case from being triggered. 0.7 made the target size configurable and miners had been encouraged to increase this target in the week prior to the incident.
== The Reality ==
Insufficient testing had been performed on bitcoin blocks<ref name="bips-11433" />. No testing had been performed with blocks that were smaller in size but required more locks to be established on the BerkeleyDB<ref name="bips-11433" />.


Bitcoin 0.8 did not use Berkeley DB. It switched to LevelDB instead, which did not implement the same locking limits as BDB. Therefore it was able to process the forking block successfully.
== What Happened ==
A double-spend transaction occurred due to the blockchain split.


Note that BDB locks are also required during processing of re-organizations. Versions prior to 0.8 may be unable to process some valid re-orgs."
"08:08 – Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee.


"08:08 – Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee.
09:30 – The transaction was included in version 0.8's fork, block 225446
09:30 – The transaction was included in version 0.8's fork, block 225446
10:08 – Deposit completed, $9800 credited to my BTC-e account
10:08 – Deposit completed, $9800 credited to my BTC-e account
12:53 – After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction.
12:53 – After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction.
13:01 – The double spend transaction was included in pre-0.8 fork block 225446"
13:01 – The double spend transaction was included in pre-0.8 fork block 225446"
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
* Known history of when and how the service was started.
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.
== What Happened ==
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
{| class="wikitable"
{| class="wikitable"
|+Key Event Timeline - Bitcoin Chain Fork Double Spend Incident
|+Key Event Timeline - Bitcoin Chain Fork Double Spend Incident
Line 62: Line 37:
|March 12th, 2013 6:22:02 PM MDT
|March 12th, 2013 6:22:02 PM MDT
|Bitcoin Talk Post
|Bitcoin Talk Post
|The incident and a timeline are posted on the Bitcoin Talk forum.
|The incident and a timeline are posted on the Bitcoin Talk forum<ref name="bitcointalk-11434" />.
|-
|March 20th, 2013 10:34:00 AM MDT
|Post-Mortem Released
|A post-mortem is released by Gavin Andresen with additional details about the incident on the Bitcoin Wiki<ref>[https://en.bitcoin.it/w/index.php?title=BIP_0050&oldid=36239 BIP_0050 Original Version From March 20th, 2013 10:34:00 AM MDT - Bitcoin Wiki] (Accessed Mar 8, 2024)</ref>.
|}
|}


== Technical Details ==
== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
"A block that had a larger number of total transaction inputs than previously seen was mined and broadcasted. Bitcoin 0.8 nodes were able to handle this, but some pre-0.8 Bitcoin nodes rejected it, causing an unexpected fork of the blockchain. The pre-0.8-incompatible chain (from here on, the 0.8 chain) at that point had around 60% of the mining hash power ensuring the split did not automatically resolve (as would have occurred if the pre-0.8 chain outpaced the 0.8 chain in total work, forcing 0.8 nodes to reorganise to the pre-0.8 chain).
 
In order to restore a canonical chain as soon as possible, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7 so their pools would also reject the larger block. This placed majority hashpower on the chain without the larger block, thus eventually causing the 0.8 nodes to reorganise to the pre-0.8 chain."
 
"During this time there was at least one large double spend. However, it was done by someone experimenting to see if it was possible and was not intended to be malicious."
 
"Because max-sized blocks had been successfully processed on the testnet, it did not occur to anyone that there could be blocks that were smaller but require more locks than were available. Prior to 0.7 unmodified mining nodes self-imposed a maximum block size of 500,000 bytes, which further prevented this case from being triggered. 0.7 made the target size configurable and miners had been encouraged to increase this target in the week prior to the incident.
 
Bitcoin 0.8 did not use Berkeley DB. It switched to LevelDB instead, which did not implement the same locking limits as BDB. Therefore it was able to process the forking block successfully.
 
Note that BDB locks are also required during processing of re-organizations. Versions prior to 0.8 may be unable to process some valid re-orgs."


== Total Amount Lost ==
== Total Amount Lost ==
The total amount lost has been estimated at $10,000 USD.
The total amount lost has been estimated at $10,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?


== Immediate Reactions ==
== Immediate Reactions ==
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Large mining pools reverted their bitcoin clients back to the 0.7 version of the chain.


== Ultimate Outcome ==
== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
The issue was resolved on August 16th, 2013<ref name="bips-11433" /> which forked unpatched nodes off the network.


== Total Amount Recovered ==
== Total Amount Recovered ==
The total amount recovered has been estimated at $10,000 USD.
The total amount recovered has been estimated at $10,000 USD. The individual performing the double spend was not malicious in nature.
 
What funds were recovered? What funds were reimbursed for those affected users?


== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
This situation meant that older nodes which did not implement that improvement proposal or manually increase their number of supported locks would not be able to validate the bitcoin blockchain.
== Individual Prevention Policies ==
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
{{Prevention:Individuals:Placeholder}}
Line 102: Line 89:


== References ==
== References ==
<references><ref name="newsletter-11414">[https://newsletter.banklesshq.com/p/stoppable-finance-lite https://newsletter.banklesshq.com/p/stoppable-finance-lite] (Oct 11, 2022)</ref>
<references>
 
<ref name="newsletter-11414">https://newsletter.banklesshq.com/p/stoppable-finance-lite (Oct 11, 2022)</ref>
<ref name="bips-11433">[https://bips.xyz/50?utm_source=substack&utm_medium=email https://bips.xyz/50?utm_source=substack&utm_medium=email] (Oct 11, 2022)</ref>
<ref name="bips-11433">[https://bips.xyz/50?utm_source=substack&utm_medium=email March 2013 Chain Fork Post-Mortem - BIPS.xyz] (Accessed Oct 11, 2022)</ref>
 
<ref name="newsletterarchive-11417">[https://web.archive.org/web/20221010212053/https://newsletter.banklesshq.com/p/stoppable-finance-lite <nowiki>Stoppable Finance [LITE] - by Donovan Choy - Bankless</nowiki>] (Jul 24, 2023)</ref>
<ref name="newsletterarchive-11417">[https://web.archive.org/web/20221010212053/https://newsletter.banklesshq.com/p/stoppable-finance-lite <nowiki>Stoppable Finance [LITE] - by Donovan Choy - Bankless</nowiki>] (Jul 24, 2023)</ref>
 
<ref name="bitcointalk-11434">[https://bitcointalk.org/index.php?topic=152348.0 A successful DOUBLE SPEND US$10000 against OKPAY this morning. - BitcoinTalk] (Aug 14, 2023)</ref>
<ref name="bitcointalk-11434">[https://bitcointalk.org/index.php?topic=152348.0 A successful DOUBLE SPEND US$10000 against OKPAY this morning.] (Aug 14, 2023)</ref></references>
</references>

Revision as of 11:49, 8 March 2024

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Bitcoin Talk Forum

A larger-than-usual block with more transaction inputs was mined and broadcasted, causing a fork in the Bitcoin blockchain. Bitcoin 0.8 nodes managed this well, but pre-0.8 nodes rejected it, resulting in an unexpected split. The 0.8-incompatible chain held about 60% of the mining hash power, preventing an automatic resolution. To restore a canonical chain, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7, making the majority hashpower favor the chain without the larger block, eventually causing 0.8 nodes to reorganize to the pre-0.8 chain. During this period, there was a notable double spend, but it was an experiment rather than a malicious act.

This is a global/international case not involving a specific country.[1][2][3]

About Bitcoin

Bitcoin is the largest and first blockchain network, originally launched by an anonymous founder Satoshi Nakamoto.

About Gavin Andresen

Gavin Andresen is one of the lead developers for the bitcoin blockchain.

About BTC-e

BTC-e was one of the largest historic exchanges prior to it's shutdown by authorities in 2017.

The Reality

Insufficient testing had been performed on bitcoin blocks[1]. No testing had been performed with blocks that were smaller in size but required more locks to be established on the BerkeleyDB[1].

What Happened

A double-spend transaction occurred due to the blockchain split.

"08:08 – Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee.

09:30 – The transaction was included in version 0.8's fork, block 225446

10:08 – Deposit completed, $9800 credited to my BTC-e account

12:53 – After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction.

13:01 – The double spend transaction was included in pre-0.8 fork block 225446"

Key Event Timeline - Bitcoin Chain Fork Double Spend Incident
Date Event Description
March 12th, 2013 6:22:02 PM MDT Bitcoin Talk Post The incident and a timeline are posted on the Bitcoin Talk forum[3].
March 20th, 2013 10:34:00 AM MDT Post-Mortem Released A post-mortem is released by Gavin Andresen with additional details about the incident on the Bitcoin Wiki[4].

Technical Details

"A block that had a larger number of total transaction inputs than previously seen was mined and broadcasted. Bitcoin 0.8 nodes were able to handle this, but some pre-0.8 Bitcoin nodes rejected it, causing an unexpected fork of the blockchain. The pre-0.8-incompatible chain (from here on, the 0.8 chain) at that point had around 60% of the mining hash power ensuring the split did not automatically resolve (as would have occurred if the pre-0.8 chain outpaced the 0.8 chain in total work, forcing 0.8 nodes to reorganise to the pre-0.8 chain).

In order to restore a canonical chain as soon as possible, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7 so their pools would also reject the larger block. This placed majority hashpower on the chain without the larger block, thus eventually causing the 0.8 nodes to reorganise to the pre-0.8 chain."

"During this time there was at least one large double spend. However, it was done by someone experimenting to see if it was possible and was not intended to be malicious."

"Because max-sized blocks had been successfully processed on the testnet, it did not occur to anyone that there could be blocks that were smaller but require more locks than were available. Prior to 0.7 unmodified mining nodes self-imposed a maximum block size of 500,000 bytes, which further prevented this case from being triggered. 0.7 made the target size configurable and miners had been encouraged to increase this target in the week prior to the incident.

Bitcoin 0.8 did not use Berkeley DB. It switched to LevelDB instead, which did not implement the same locking limits as BDB. Therefore it was able to process the forking block successfully.

Note that BDB locks are also required during processing of re-organizations. Versions prior to 0.8 may be unable to process some valid re-orgs."

Total Amount Lost

The total amount lost has been estimated at $10,000 USD.

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Large mining pools reverted their bitcoin clients back to the 0.7 version of the chain.

Ultimate Outcome

The issue was resolved on August 16th, 2013[1] which forked unpatched nodes off the network.

Total Amount Recovered

The total amount recovered has been estimated at $10,000 USD. The individual performing the double spend was not malicious in nature.

Ongoing Developments

This situation meant that older nodes which did not implement that improvement proposal or manually increase their number of supported locks would not be able to validate the bitcoin blockchain.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 1.0 1.1 1.2 1.3 March 2013 Chain Fork Post-Mortem - BIPS.xyz (Accessed Oct 11, 2022)
  2. Stoppable Finance [LITE] - by Donovan Choy - Bankless (Jul 24, 2023)
  3. 3.0 3.1 A successful DOUBLE SPEND US$10000 against OKPAY this morning. - BitcoinTalk (Aug 14, 2023)
  4. BIP_0050 Original Version From March 20th, 2013 10:34:00 AM MDT - Bitcoin Wiki (Accessed Mar 8, 2024)

Cite error: <ref> tag with name "newsletter-11414" defined in <references> is not used in prior text.

Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Bitcoin_Chain_Fork_Double_Spend_Incident&oldid=5538"