The 9 Biggest Screwups in Bitcoin History

Jul 20, 2014 at 11:20 UTC by Kadhim Shubber

Do you know where your bitcoins are right now? Hopefully they’re still in your wallet where you left them, but the history of bitcoin is littered with human error, poorly implemented software and heists that would make even the most hardened of Wild West outlaws tip their hat in respect.

Bitcoin is a man-made, open-source technology – not a bounty passed down from the heavens. Just to drive that point home, here are the nine biggest screwups in bitcoin history.

9. That time someone hacked 92 billion BTC into existence

On 8th August 2010, bitcoin developer Jeff Garzik wrote what could be mildly described as the biggest understatement since Apollo 13 told Houston: “We’ve had a problem here.”

“The ‘value out’ in this block is fairly strange,” he wrote on bitcointalk.org, referring to a block that had somehow contained 92 billion BTC, which is precisely 91,979,000,000 more bitcoin than is ever supposed to exist.

CVE-2010-5139 (CVE meaning ‘common vulnerabilities and exposures’) was frighteningly simple and exploited to the point of farce by an unknown attacker. In technical language, the bug is known as an integer overflow error.

So instead of the system counting up 98, 99, 100, 101, for example, it broke at 99 and went to zero (or -100) instead of 100. In layman’s terms, someone found a way to flood the code and create a ridiculously large amount of bitcoin in the process.
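To make the overflow concrete, here is an added example (not code from the original article or from Bitcoin itself) showing how a sum of output values can wrap past the 64-bit limit and slip under a "total out must not exceed total in" check, next to a range-checked version that rejects it. The function names, the 50 BTC input and the two 92 billion BTC outputs are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed illustration: names and structure are hypothetical, not Bitcoin's source.
static const int64_t COIN = 100000000;             // base units per bitcoin
static const int64_t MAX_MONEY = 21000000 * COIN;  // the 21 million BTC supply cap

// 64-bit two's-complement wrap-around, computed in unsigned arithmetic so the
// demonstration itself does not rely on undefined signed overflow.
static int64_t wrapping_add(int64_t a, int64_t b) {
    return (int64_t)((uint64_t)a + (uint64_t)b);
}

// Weak check: rejects negative outputs, then trusts the (possibly wrapped) total.
static bool outputs_ok_naive(const int64_t *out, int n, int64_t value_in) {
    int64_t total = 0;
    for (int i = 0; i < n; i++) {
        if (out[i] < 0) return false;
        total = wrapping_add(total, out[i]);
    }
    return total <= value_in;
}

static bool money_range(int64_t v) { return v >= 0 && v <= MAX_MONEY; }

// Hardened check: each output and each running total must stay within the cap.
static bool outputs_ok_checked(const int64_t *out, int n, int64_t value_in) {
    int64_t total = 0;
    for (int i = 0; i < n; i++) {
        if (!money_range(out[i])) return false;
        total += out[i];  // safe: both operands are at most MAX_MONEY
        if (!money_range(total)) return false;
    }
    return total <= value_in;
}

int main() {
    // Constructed sample: two outputs of 92 billion BTC each, funded by 50 BTC.
    const int64_t outs[2] = {92000000000LL * COIN, 92000000000LL * COIN};
    std::printf("wrapped total: %lld\n", (long long)wrapping_add(outs[0], outs[1]));
    std::printf("naive accepts: %d\n", outputs_ok_naive(outs, 2, 50 * COIN));
    std::printf("checked accepts: %d\n", outputs_ok_checked(outs, 2, 50 * COIN));
    return 0;
}
```

The wrapped total comes out negative, so the weak check sees it as smaller than the input, while the range check fails on the very first output.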

The fix was the bitcoin equivalent of dying in a video game and restarting from the last save point. The community simply hit ‘undo’, jumping back to the point in the blockchain before the hack occurred and starting again from there; all of the transactions made after the bug was exploited – but before the fix was implemented – were effectively cancelled.

How serious was it? Bitcoin’s lead developer Wladimir Van Der Laan is pretty blunt about it, telling me: “It was the worst problem ever.”

Perhaps, but bitcoiners have seemingly been attempting to trump it ever since.

8. Erm, this version of bitcoin doesn’t work with my old one

Think about the amount of money being ploughed into bitcoin: $240m of venture capital funding to date. Now think about the number of people who work full-time on the core protocol (it’s two, by the way). The outcome of this disparity is rather predictable – software problems that would otherwise be ironed out and spotted by a team of well-resourced developers inevitably sneak through.

The most recent major issue occurred when Bitcoin Core version 0.8 was released in March 2013. Put simply, it wasn’t compatible with previous versions.

Remember the terror that accompanied upgrading your old Windows PC because none of the software would work afterwards? That happened with bitcoin.

Version 0.8 allowed for larger block sizes than older versions could handle. With half the network upgraded and the other half still sitting on version 0.7 or older, the danger was that two versions of the bitcoin ledger would emerge.

As with the 92 billion bitcoin problem, the community sounded the alarm and forced a hard fork back to version 0.7 while the issue was resolved.

Disaster avoided, narrowly. But this wasn’t deep in bitcoin’s early history – this was just over twelve months ago. It’s not for nothing that people are calling for more resources to be dedicated to bitcoin’s development.

OK, that’s probably enough piling on to bitcoin’s core developers – on to everyone else.

7. Mt. Gox. Twice.

I’m going to keep this one brief, because we all kind of know the score on this one. Originally founded as a trading card site, Mt. Gox grew to become bitcoin’s largest exchange, helmed by French-born Mark Karpeles, who unadvisedly wrote all of the site’s code by himself without oversight or review by others.

The outcome of this foolhardy approach to development? In 2011 Mt. Gox was hacked, with the attacker driving the price down to just fractions of a dollar from highs of $30 by mass selling on the platform. Then this year the big one – $340m vanished and Mt. Gox toppled.

In a recent interview with the Wall Street Journal, Karpeles was apologetic, saying that “the weakest point of my company was management” – which is code for “me”.

It’s not hard to find people who don’t believe Mt. Gox was hacked and instead think that Karpeles ran off with the cash, but with a police investigation ongoing the truth will hopefully come out and we’ll know for certain just what went on at Mt. Gox.

6. Ever heard of bcc?

The US government’s recent auction of bitcoin seized from Silk Road was a landmark in bitcoin’s story – as many have pointed out, it gives some small sense of legitimacy to the currency in the sense that the government wouldn’t auction off seized cocaine, for example. The US government is willing to deal in bitcoin to some extent, a small but significant signal.

But it was also accompanied by its fair share of farce. Before the auction the government accidentally emailed the potential participants but forgot to bcc them, so everyone who received the email could see who else had been emailed, meaning their names were eventually leaked.

Of course this kind of mistake is common – so common that even acclaimed bitcoin developer Amir Taaki made the mistake back in 2012 when he ran Intersango, a UK-based bitcoin exchange that eventually closed down in late 2012 after its banking relationship with Metro Bank turned sour.

The upshot of the US government leak is that the people whose emails were leaked were targeted by scammers, one of whom succeeded in dramatic style. Sam Lee of bitcoin fund Bitcoins Reserve received an email claiming to be from a media company. The attached document was supposedly a list of interview questions but actually linked to a website prompting Lee to enter his password. When he did, the attacker took over his email and sent a message to the CTO, requesting a transfer of 100 bitcoin. Bye bye bitcoin.

But sometimes, attacks are far, far simpler than this.

5. If I’m messaging you for access to my servers, verify my identity

This isn’t going to be a list of bitcoin heists – oh boy are they fun – but an honourable mention has to be given to Canadian Bitcoins, who were the victim of an old-fashioned social engineering attack that has to go down as one of the easiest ever executed.

Canadian Bitcoins’ servers were being run by a company called Rogers Data Centre (who were technically in the process of taking the data centre over from its previous operator, Granite Networks). A hacker was allegedly able to steal 149 bitcoin, or around $100,000 at the time, from Canadian Bitcoins by messaging Rogers Data Centre and just asking for access to the servers.

That’s it. The hacker pretended to be Canadian Bitcoins CEO James Grant over instant message – just by saying “I am James Grant”, there wasn’t any fancy trickery going on – and was given access. “It’s ridiculous,” the real James Grant was reported as saying in the Ottawa Citizen, who broke the story.

Yes. Yes it is ridiculous. But not nearly as ridiculous as this next issue.

4. The end of auroracoin

Iceland is famous for aggressively prosecuting its bankers for their role in the financial meltdown of 2007/2008. So when auroracoin was announced in February, a cryptocurrency designed to be a national currency for Iceland, the stars seemed to have aligned perfectly.

Just months later, auroracoin is dead and all the hype dead with it.

The currency was ‘airdropped’ to Iceland’s citizens in late March, with 31.8 auroracoin allocated to each citizen who had registered. The few that claimed their coins are thought to have instantly sold them off and the price of the coin never recovered after plummeting on its very first day in circulation.

Auroracoin’s death rattle came from the insecurity of the network – there was little incentive for miners to maintain the network and process the few transactions made with the coin. As a result it was vulnerable to attack from anyone with a modest amount of computing power at their disposal.

Here are two good post-mortems of the entire fiasco, which go some way to casting doubt on the viability of alternative cryptocurrencies. Speaking of which.

3. If you’re going to play with magic beans, at least play with the magic beans everyone agrees have some value

For the last eight years, a bunch of Scottish developers have been calmly beavering away up in Fyfe creating what they see as the future of the Internet – totally decentralized, encrypted and anonymised.

Eight years is a long time to be working on any software project, but this year Maidsafe eventually had their big coming out party – a crowdsale to fund the next stage of the project’s development.

But what were they selling, I hear you ask? A temporary cryptocurrency, which will one day be exchangeable for the permanent cryptocurrency running on the Maidsafe network. Confused yet? You could only participate in this cryptocurrency crowdsale with bitcoin or another cryptocurrency, mastercoin.

Why risk your crowdsale by permitting people to buy in with a practically worthless cryptocurrency like mastercoin? Nobody has a freaking clue – Kashmir Hill at Forbes has a wonderfully detailed account of this entire situation: “I forgive you if you find it all confusing; so did most of the investment experts I spoke with.”

In the end, Maidsafe still successfully raised millions of dollars, but mostly in mastercoin, which isn’t actually very helpful when bills need to be paid in fiat, or bitcoin (at a spread).

2. Never forget: no backsies with bitcoin

What would you say is a reasonable fee to pay to transfer £100? If it was within the UK, you would say there shouldn’t be a fee. If it was an international transfer, you would very likely be fine paying a significant percentage, maybe 9% with Western Union or much less with new bitcoin remittance companies like BitPesa.

You would most likely be bummed if you had paid 8000%, like the holder of this bitcoin address did in September 2013. It’s unclear what caused the faulty transaction fees, but over the course of a few days one bitcoin address added large fees to its transactions, essentially donating ridiculous sums of bitcoin to miners. One transaction, totalling only 0.01 bitcoin, had an extra 80 bitcoin attached as a transaction fee (for reference, transaction fees are usually around 0.0001 bitcoin).

Something similar happened to this hapless Redditor, who made a simple typing error back in July 2013, attaching 30 bitcoin to a 38 bitcoin transaction.

In a world where the fact that transactions can’t be reversed is considered by some to be a virtue, accidental transactions are stupidly common. As bitcoin wallet software develops, incorrect transactions might get caught in the same way Gmail catches your email if it has the words “I have attached” when there aren’t any attachments.

But until then, people will continue to accidentally add incorrect transaction fees or even transfer 800 bitcoin to defunct Mt. Gox addresses.

1. That hard drive is never coming back

Of course the award for all-time greatest bitcoin fail has to go to James Howells from Wales, who sent £4.2 million to the landfill when he chucked out a hard drive containing the private keys for 7,500 bitcoin.

Coming just a month after the news that Norwegian PhD student Kristoffer Koch had bought himself a house after discovering an old hard drive with 5,000 bitcoin on it (which he paid only $27 for in 2009), James Howells’ landfill story felt especially painful.

There are many, many more stories like these. Too many to include in one piece, but let us know your favourite stories of bitcoin woe in the comments below. Let the schadenfreude flow through you.
