Bitcoin Chain Fork Double Spend Incident

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Bitcoin Talk Forum

A larger-than-usual block with more transaction inputs was mined and broadcast, causing a fork in the Bitcoin blockchain. Bitcoin 0.8 nodes managed this well, but pre-0.8 nodes rejected it, resulting in an unexpected split. The 0.8-based incompatible chain held about 60% of the mining hash power, preventing an automatic resolution. To restore a consistent chain, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7, making the majority hashpower favor the chain without the larger block, eventually causing 0.8 nodes to reorganize to the pre-0.8 chain. During this period, there was a notable double spend, but it was an experiment rather than a malicious act.

This is a global/international case not involving a specific country.[1][2]

About Bitcoin

Bitcoin is the largest and first blockchain network, originally launched by an anonymous founder Satoshi Nakamoto.

About Gavin Andresen

Gavin Andresen is one of the lead developers for the bitcoin blockchain.

About BTC-e

BTC-e was one of the largest historic exchanges prior to it's shutdown by authorities in 2017.

The Reality

Insufficient testing had been performed on bitcoin blocks[1]. No testing had been performed with blocks that were smaller in size but required more locks to be established on the BerkeleyDB[1].

While node operators were instructed to test and increase the setting, the default settings for number of BerkeleyDB locks were inadequate to meet the requirements of the worst-case valid block[1].

What Happened

The bitcoin blockchain split into two, with 0.8+ version nodes running a separate chain. A double-spend transaction was able to occur against the BTC-e exchange at this time.

Key Event Timeline - Bitcoin Chain Fork Double Spend Incident
Date Event Description
March 12th, 2013 2:08:00 AM MDT BTC-E Deposit Made "Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee."[2]
March 12th, 2013 3:30:00 AM MDT Transaction Included "The transaction was included in version 0.8's fork, block 225446"[2]
March 12th, 2013 4:08:00 AM MDT Credit To BTC-E Account "Deposit completed, $9800 credited to my BTC-e account"[2]
March 12th, 2013 6:53:00 AM MDT Replay Withdrawal To Pre-0.8 Chain "After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction."[2]
March 12th, 2013 7:01:00 AM MDT Double Spend Transaction Included "The double spend transaction was included in pre-0.8 fork block 225446"[2]
March 12th, 2013 12:22:02 PM MDT Bitcoin Talk Post An article about the double spend and the timeline of events is posted on the Bitcoin Talk forum[2]. The sequence of events began with a deposit of $10,000 worth of Bitcoins to BTC-e over OKPAY's Bitcoin payment, resulting in $9800 credited to the BTC-e account. However, it was later realized that the transaction was never confirmed by the pre-0.8 fork, prompting the initiator to execute two double spend transactions on two of the vins of the OKPAY transaction. These transactions were broadcasted with the raw transaction API, each including a 0.001 BTC transaction fee. Subsequently, the double spend transaction was included in the pre-0.8 fork block 225446. This incident raised concerns about the security of Bitcoin transactions and prompted discussions about potential solutions to prevent similar occurrences in the future, highlighting the need for heightened vigilance among merchants considering Bitcoin transactions[2].
March 13th, 2013 3:49:16 AM MDT Announcement Of Fund Return Okpay announces that the funds have been returned in the BitcoinTalk forum[3].
March 13th, 2013 3:57:47 AM MDT Funds Returned In Blockchain Blockchain transaction believed to be the return of the funds which were taken through the double-spend[4].
March 20th, 2013 10:34:00 AM MDT Post-Mortem Released A post-mortem / bitcoin improvement proposal is released by Gavin Andresen with additional details about the incident on the Bitcoin Wiki[5]. The BIP number 50 is assigned shortly thereafter.
March 20th, 2013 11:01:00 AM MDT Gregory Maxwell Contributes Gregory Maxwell expands the BIP article to include that all versions of the bitcoin client prior to 0.8 would fail to process the 0.8 version block and added more details. Interestingly, block sizes were set to 500Kb at this time[6].
March 22nd, 2013 9:38:00 AM MDT Randy Brito Critical Contribution Randy Brito (of Bitcoin Venezuela)[7] changes "broadcast" to "broadcasted"[8], despite both being correct and "broadcast" being in far more common use globally[9].
May 7th, 2013 12:31:00 PM MDT Alert System Online One step of the planned resolution was to implement an alert system in the bitcoind client. This includes 52 test alerts, which are designed to test out whether the alert system is functional or not. Gavin Andresen marked the feature task complete on the Bitcoin Wiki[10], after erroneously marking the test alerts complete[11].
June 22nd, 2013 5:50:00 AM MDT Test Alerts Set Up The test alerts are finally set up, allowing clients to test out the alertnotify feature with weekly notifications[12]. There is also an alert which is set up to automatically trigger if a longer side-chain is detected, although this feature is still "pending review"[13].
August 13th, 2013 3:01:00 AM MDT Side Chain Alert Patch Merged In The automatic alerts if a side chain is detected is merged into bitcoin core[14].
August 16th, 2013 Block 252451 Rejected The acceptance of block 252,451 by the main chain marked the first time that unpatched nodes were no longer able to use the bitcoin blockchain[15][16].
August 25th, 2013 4:55:00 PM MDT Gavin Andresen Wrong Block Gavin Andresen updates the Bitcoin Wiki to indicate the resolution of the situation, however he claims that block 22,451 was the fork point and gives a date of August 22nd, 2013[16]. This is corrected within 10 minutes[15].
October 20th, 2013 10:57:00 PM MDT Peter Todd Archives BIP Peter Todd moves the content of the Bitcoin Wiki to be archived on Github[17].
December 6th, 2013 1:08:00 AM MST BIP Moved To Github The bitcoin improvement proposal is relocated to Github via an official blanking out of the Bitcoin Wiki page[18].
February 8th, 2016 9:57:00 PM MST Luke Jr Revision Luke Jr prepares a large number of revisions to improve the clarity of the bitcoin improvement proposal[19].
July 13th, 2019 4:25:00 AM MDT Hack Used As Example Eric Wall references the chain split in a discussion to refute the statement that "The Bitcoin blockchain has never been hacked"[20].
October 10th, 2022 8:52:34 AM MDT Stoppable Finance Bankless Article The incident is included in an article by Stoppable Finance when comparing bitcoin against Solana[21]. "Bitcoin has had two network outages since its inception"[21].

Technical Details

"A block that had a larger number of total transaction inputs than previously seen was mined and broadcasted. Bitcoin 0.8 nodes were able to handle this, but some pre-0.8 Bitcoin nodes rejected it, causing an unexpected fork of the blockchain. The pre-0.8-incompatible chain (from here on, the 0.8 chain) at that point had around 60% of the mining hash power ensuring the split did not automatically resolve (as would have occurred if the pre-0.8 chain outpaced the 0.8 chain in total work, forcing 0.8 nodes to reorganise to the pre-0.8 chain).

In order to restore a canonical chain as soon as possible, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7 so their pools would also reject the larger block. This placed majority hashpower on the chain without the larger block, thus eventually causing the 0.8 nodes to reorganise to the pre-0.8 chain."

"During this time there was at least one large double spend. However, it was done by someone experimenting to see if it was possible and was not intended to be malicious."

"Because max-sized blocks had been successfully processed on the testnet, it did not occur to anyone that there could be blocks that were smaller but require more locks than were available. Prior to 0.7 unmodified mining nodes self-imposed a maximum block size of 500,000 bytes, which further prevented this case from being triggered. 0.7 made the target size configurable and miners had been encouraged to increase this target in the week prior to the incident.

Bitcoin 0.8 did not use Berkeley DB. It switched to LevelDB instead, which did not implement the same locking limits as BDB. Therefore it was able to process the forking block successfully.

Note that BDB locks are also required during processing of re-organizations. Versions prior to 0.8 may be unable to process some valid re-orgs."

The transaction, presently invalid based on the current bitcoin blockchain[22][23]:

12814b8ad57ce5654ba69eb26a52ddae1bff42093ca20cef3ad96fe7fd85d195

https://web.archive.org/web/20130315031720/http://blockchain.info/tx/12814b8ad57ce5654ba69eb26a52ddae1bff42093ca20cef3ad96fe7fd85d195


Payout transaction: https://www.blockchain.com/explorer/transactions/btc/cf7121622d6b208357b2a115cc75a9be283f8996dd7d6f612923b30f600bcadd


[24]

gmaxwell answered it:  a large majority of mining power switched to running 0.7 -- which meant restarting the miners and clearing their memory pools.  With the right dynamics, a rebroadcast would not repropagate because most nodes had not been restarted and would not rebroadcast it.  Thus, those miners that restarted, started mining without it, and accepted the double-spend as a first-spend.

Total Amount Lost

The total amount lost has been estimated at $10,000 USD.

Immediate Reactions

Large mining pools BTC Guild and SlushPool reverted their bitcoin clients back to the 0.7 version of the chain and continued to mine on 0.7. This resulted in 0.7 resuming the longest chain.

Ultimate Outcome

The issue was resolved on August 16th, 2013[1] which forked unpatched nodes off the network.

Total Amount Recovered

The total amount recovered has been estimated at $10,000 USD. The individual performing the double spend was not malicious in nature.

Ongoing Developments

This situation meant that older nodes which did not implement that improvement proposal or manually increase their number of supported locks would not be able to validate the bitcoin blockchain.

Individual Prevention Policies

This case does not appear to have resulted in a loss to any individual.

Based on the research, losses were noted against large exchange platforms only. There were no cases reported where an individual lost funds.

While such situations are rare, if a large value is being transacted, it makes sense to wait for a larger number of confirmations before

Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

This case does not appear to have resulted in a loss to any platform.

Platforms should remain vigilant and have systems in place to receive news of any anomalies present in the blockchain. In the event of anomalies, received transactions should be placed in a pending state until the anomaly has resolved itself.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

As this situation took place at the protocol layer, prevention through process is challenging. The only solution which can work 100% is to insure wallets against double-spend attacks.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

It does not appear that any funds were lost in this case.

Platforms should remain vigilant and have systems in place to receive news of any anomalies present in the blockchain. In the event of anomalies, received transactions should be placed in a pending state until the anomaly has resolved itself.

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 1.0 1.1 1.2 1.3 1.4 March 2013 Chain Fork Post-Mortem - BIPS.xyz (Accessed Oct 11, 2022)
  2. 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 A successful DOUBLE SPEND US$10000 against OKPAY this morning. - BitcoinTalk (Aug 14, 2023)
  3. OkPay - "The payment has been successfully completed" - BitcoinTalk (Accessed Mar 13, 2024)
  4. Transaction Returning The Funds - Blockchain.com (Accessed Mar 13, 2024)
  5. BIP_0050 Original Version From March 20th, 2013 10:34:00 AM MDT - Bitcoin Wiki (Accessed Mar 8, 2024)
  6. BIP 0050 Gregory Maxwell Changes - Bitcoin Wiki (Accessed Mar 14, 2024)
  7. Randy Brito User Profile - Bitcoin Wiki (Accessed Mar 14, 2024)
  8. Randy Brito Broadcasted Change - Bitcoin Wiki (Accessed Mar 14, 2024)
  9. Broadcast Versus Broadcasted - Michigan Public (Accessed Mar 14, 2024)
  10. Gavin Andresen Marks Alert System Complete - Bitcoin Wiki (Accessed Mar 15, 2024)
  11. Test Alerts Marked Complete - Bitcoin Wiki (Accessed Mar 15, 2024)
  12. Test Alert System Online - Bitcoin Wiki (Accessed Mar 15, 2024)
  13. Side Chain Alert System Pending Review - Bitcoin Wiki (Accessed Mar 15, 2024)
  14. Side Chain Alert System Merged In - Bitcoin Wiki (Accessed Mar 15, 2024)
  15. 15.0 15.1 Unpatched Nodes Forked Off Chain - Bitcoin Wiki (Accessed Mar 15, 2024)
  16. 16.0 16.1 Block 22451 Is Rejected - Bitcoin Wiki (Accessed Mar 15, 2024)
  17. BIP 0050 Archived On Github - Github (Accessed Mar 15, 2024)
  18. BIP 0050 Relocated To Github - Bitcoin Wiki (Accessed Mar 15, 2024)
  19. Changes By Luke Jr To BIP Article - Github (Accessed Mar 15, 2024)
  20. ercwl - "$10,000 double-spend against OKPAY as a result of the 2013 LevelDB/BerkeleyDB chainsplit" - Twitter (Accessed Mar 12, 2024)
  21. 21.0 21.1 Stoppable Finance [LITE] - by Donovan Choy - Bankless (Jul 24, 2023)
  22. Double Spent Deposit To BTC-E - Blockchain (Accessed Mar 12, 2024)
  23. Blockchain Transaction Double-Spent Deposit To BTC-E - Blockchain Archive March 14th, 2013 9:17:20 PM MDT (Accessed Mar 12, 2024)
  24. https://bitcointalk.org/index.php?topic=152348.msg1617466#msg1617466 (Accessed Mar 13, 2024)

Cite error: <ref> tag with name "newsletter-11414" defined in <references> is not used in prior text.

Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Bitcoin_Chain_Fork_Double_Spend_Incident&oldid=5565"