'Bitcoin Bug' Exploited on Crypto Fork as Attacker Prints 235 Million Pigeoncoins

Using a major bug found and fixed on bitcoin last month, an attacker was able to print 235 million coins on "pigeoncoin."

AccessTimeIconOct 2, 2018 at 8:05 p.m. UTC
Updated Sep 13, 2021 at 8:26 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

A severe bug discovered just weeks ago in bitcoin's code has been exploited – albeit on a lesser-known cryptocurrency.

The developers behind the pigeoncoin cryptocurrency confirmed the exploit to CoinDesk on Tuesday, reporting that an unknown attacker successfully took advantage of the bug on September 26th, showcasing in the wild how it could have been used on bitcoin by printing 235 million coins worth about $15,000.

That's because while the severe inflation bug was patched on bitcoin, other coins that have borrowed bitcoin's public code over the years are still vulnerable (if they haven't corrected their code). If exploited, the bug gives an attacker the ability to print as many coins as they want, going even above the hard-coded limitations on supply cryptocurrencies often have and decreasing the value of all the other coins investors hold.

Set apart by its X16r mining algorithm, pigeoncoin is not exactly a big cryptocurrency, not even ranking in the top 1,000 in terms of how valuable it is compared to others on CoinMarketCap. Still, the attack may be no less impactful on its efforts to use a blockchain to "end abusive data collection."

With a total supply of 970 million pigeoncoins, the attacker was able to print an amount equal to one-fourth of all publicly traded pigeoncoins, prompting one of the only exchanges to support the currency, CryptoBridge, to temporarily suspend trading while developers moved to enact a fix.

After the inflation was detected, developers of the coin quickly released a software fix borrowing from the code bitcoin developers put out a couple of weeks ago. "Pools and exchanges must upgrade immediately to resolve a double-spend exploit derived from bitcoin source," the notes for the fix explain.

But while users might not particularly care about what happens to the little-known coin, the exploit has wider implications for the cryptocurrency world.

Cryptocurrency developer Scott Roberts argued that the main takeaway from this event is that the bitcoin bug was really as bad as it sounded:

"Mainly it's just nice to know for sure by this example that coins in the wild were really vulnerable. It was not just some vague theoretical problem."

What's next

Now the bug is fixed, observers are wondering what the attacker will do and whether he or she will successful be able to trade their gains for fiat money. In order to do so, the attacker most likely will need to convert their pigeoncoin into another cryptocurrency that's more widely accepted.

"Many of us are now waiting to see what happens with the hacked coins and if there's going to be a dump soon," pigeoncoin developer Michael Oates told CoinDesk.

The community is following the events closely in the pigeoncoin Discord chat channel. "My guess is the funds won't move for a few days. It would be stupid to try and move them all at once," Oates added on Discord.

The other big concern is, if pigeoncoin was attacked, what about other coins that have cloned bitcoin's code?

"It would be interesting to see how many coins suffered an attack due to [the] bug," Roberts told CoinDesk, adding that pigeoncoin is the only one he knows has been exploited so far.

Still, Roberts added that many cryptocurrencies, such as bitcoin gold and litecoin, have now upgraded, so hopefully the same attack won't be executed on other coins.

He concluded:

"It looks like most coins have already updated, so it's not likely to be a problem."

Pigeon image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.