A recent bug in the Bitcoin Core code has come back into discussion following attacks to the altcoin, Pigeoncoin. Thanks to the fast response of its developers, the bug has been addressed and Bitcoin remains secure. In this article we explain how Pigeoncoin was affected.
The Pigeoncoin scandal
An altcoin that shares the same code as Bitcoin, Pigeoncoin (PGN) is a recent addition to the growing network of cryptocurrency. Having pioneered the X16S algorithm, Pigeoncoin was a key discussion point in the crypto community earlier this year. Now, it is back in discussion for entirely the wrong reasons.
With 235 million Pigeoncoins artificially printed after an attack on the coin’s code, many now fear a repeat attack on other altcoins. For Pigeoncoin, this attack is worth approximately $15,000USD — an amount equal to over a quarter of all circulating supply.
Why did this hack occur?
The attack on Pigeoncoin’s supply is not random. It is a result of the controversial CVE-2018-17144 bug first noticed in September 2018 by an anonymous developer operating under the alias Awemany.
Despite its unassuming debut, the bug made significant changes to the Bitcoin Core code with serious ramifications.
Called the ‘inflation bug’, CVE-2018-17144 made it possible to generate coins beyond their circulating supply. As described by Awemany themself, the bug had the potential to wreak “unsalvageable havoc” by devaluing cryptocurrencies and inciting corruption among developers.
Following Awemany’s discovery, warnings were issued among the crypto community to upgrade to Bitcoin Core 0.16.3. This upgrade came with a patch to the bug according to an official Bitcoin Core press release.
After updates to Bitcoin Core, it seemed that this scandal had been well and truly addressed.
I am responsible for the CVE-2018-17144 bug. https://t.co/BrPVivM296
— John Newbery (@jfnewbery) September 24, 2018
How severe was the hack?
The attack following the Bitcoin Core bug was damaging for a small altcoin like Pigeoncoin.
But to the network as a whole, the effects are debatable. Some critics suggest it to be one of the worst three bugs in Bitcoin’s history, while others like Bitcoin educator Jimmy Song regard it as a minor speed-bump.
In a Medium article Song writes that:
“I don’t believe the bug was nearly as severe as people like him [Awemany] have made it out to be.”
On the same track, Reddit user Deadalnix suggested that despite being “pretty bad”, the bug did not have the power to bring down the entire Bitcoin network.
“No it wouldn’t crash the whole network, because crashing node do not propagate blocks very well. Still pretty bad”.
So why wasn’t Pigeoncoin spared?
Despite the official Bitcoin Core and Reddit warnings to upgrade to Bitcoin 0.16.3, Pigeoncoin ran out of time to prepare. With priority given to fixing the code for bigger cryptocurrencies, smaller altcoins like Pigeoncoin were left vulnerable to attack.
The attack on Pigeoncoin ultimately reflects the community-based and run system of cryptocurrency and how, like any software, can be subject to corruption.
In fact, in a recent tweet Cornell Professor Emin Gun Sirer suggests that bugs like CVE-2018-17144 are found regularly in the crypto sphere.
Major bug in Bitcoin Core, that can cause a total network fracture for BTC.
Empirically, bugs like this are found regularly in every coin. No implementation has been shown to be superior to others. All noise to the contrary is false marketing. https://t.co/o3ykBlMYFS
— Emin Gün Sirer (@el33th4xor) September 19, 2018
Ultimately, there is no way to undo the damage done to Pigeoncoin.
The crypto community however have breathed a communal sigh of relief for Awemany’s efforts to protect the network.