A severe bug discovered just weeks ago in bitcoin's code has been exploited – albeit on a lesser-known cryptocurrency.
The developers behind the pigeoncoin cryptocurrency confirmed the exploit to CoinDesk on Tuesday, reporting that an unknown attacker successfully took advantage of the bug on September 26th, showcasing in the wild how it could have been used on bitcoin by printing 235 million coins worth about $15,000.
That's because while the severe inflation bug was patched on bitcoin, other coins that have borrowed bitcoin's public code over the years are still vulnerable (if they haven't corrected their code). If exploited, the bug gives an attacker the ability to print as many coins as they want, going even above the hard-coded limitations on supply cryptocurrencies often have and decreasing the value of all the other coins investors hold.
Set apart by its X16r mining algorithm, pigeoncoin is not exactly a big cryptocurrency, not even ranking in the top 1,000 in terms of how valuable it is compared to others on CoinMarketCap. Still, the attack may be no less impactful on its efforts to use a blockchain to "end abusive data collection."
With a total supply of 970 million pigeoncoins, the attacker was able to print an amount equal to one-fourth of all publicly traded pigeoncoins, prompting one of the only exchanges to support the currency, CryptoBridge, to temporarily suspend trading while developers moved to enact a fix.
After the inflation was detected, developers of the coin quickly released a software fix borrowing from the code bitcoin developers put out a couple of weeks ago. "Pools and exchanges must upgrade immediately to resolve a double-spend exploit derived from bitcoin source," the notes for the fix explain.
But while users might not particularly care about what happens to the little-known coin, the exploit has wider implications for the cryptocurrency world.
Cryptocurrency developer Scott Roberts argued that the main takeaway from this event is that the bitcoin bug was really as bad as it sounded:
Now the bug is fixed, observers are wondering what the attacker will do and whether he or she will successful be able to trade their gains for fiat money. In order to do so, the attacker most likely will need to convert their pigeoncoin into another cryptocurrency that's more widely accepted.
"Many of us are now waiting to see what happens with the hacked coins and if there's going to be a dump soon," pigeoncoin developer Michael Oates told CoinDesk.
The community is following the events closely in the pigeoncoin Discord chat channel. "My guess is the funds won't move for a few days. It would be stupid to try and move them all at once," Oates added on Discord.
The other big concern is, if pigeoncoin was attacked, what about other coins that have cloned bitcoin's code?
"It would be interesting to see how many coins suffered an attack due to [the] bug," Roberts told CoinDesk, adding that pigeoncoin is the only one he knows has been exploited so far.
Still, Roberts added that many cryptocurrencies, such as bitcoin gold and litecoin, have now upgraded, so hopefully the same attack won't be executed on other coins.
Pigeon image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.