Flaw in Bitcoin SV Multisig Wallet Puts Funds at Risk

Bitcoin SV scrapped Bitcoin’s multisignature design and created its own. The insecure design is causing problems for some BSV users.

AccessTimeIconNov 9, 2020 at 9:57 p.m. UTC
Updated Sep 14, 2021 at 10:29 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

When Bitcoin SV (BSV) forked from Bitcoin Cash, its mandate to create a faster, payments-focused blockchain required gutting some of Bitcoin’s key technical features. 

In doing so, it gutted some of Bitcoin’s key features; now, it’s worse off for it.

One of these features, the so-called pay-to-script hash (P2SH) function, allows a user to send a transaction by signing it to a “script” rather than a public key address. These scripts create special conditions that must be met in order to access the bitcoins sent to them, and they are most often used in multisignature transactions – or, transactions that require more than one party to approve.

Before P2SH transactions came to Bitcoin in 2012, Bitcoin’s only transaction type would send payments to a public key address through the pay-to-public-key-hash (P2PKH) function.

BSV’s homebrewed multisig wallets have been hacked

Bitcoin Core developer and former Blockstream CTO Gregory Maxwell posted on Reddit’s r/bsv that BSV developers removed the P2SH feature some time ago from the BSV blockchain’s code. In the ElectrumSV wallet (“and presumably elsewhere,” Maxwell says in the post), developers replaced the feature with a bootleg, BSV-specific version called “accumulator multisig” that utilized P2PKH transactions instead.

There’s a reason Bitcoin uses P2SH for multisig and not P2PKH, because the latter is not ideal for multisignature transactions.

It’s so insecure, in fact, that BSV holders are losing funds, Maxwell says in the post.

“These scripts had no security at all,” he explains. 

According to Maxwell, the code’s architects only checked to see if the multisig transactions would work with the exact number of private keys needed to send the transaction (a multisig wallet requires more than one private key to authorize a transaction). They did not test transactions if more or fewer keys than necessary are present.

In his testing, Maxwell found two significant problems: first, that multisig spends fail if more than the minimum number of keys sign a transaction. Second, anyone could tap the multisig funds “with too few signatures (such as none at all).”

One BSV user, Aaron Zhou, lost 600 BSV to an attack exploiting this weakness on his multisignature wallet. When enquiring about the loss to a developer in a BSV chatroom, Zhou said that he trusted “it was safe enough” because “it was introduced by CoinGeek,” a pro-BSV media outlet bankrolled by Calvin Ayre, a close friend of BSV creator Craig Wright.  By way of response, a developer in the chat chastised Zhou by saying he should only have committed “small amounts” to the wallet.

If it ain’t broke, don’t fix it

With a tone of frustration in his post, Maxwell said that “the error could have been avoided with even the most basic testing or review.”

The fiasco is a reminder that cryptocurrency development comes with trade-offs and requires diligence. BSV’s founders and proponents have marketed it as payments-focused coin with massive block sizes and blisteringly fast transaction times. To achieve these properties, BSV developers chose to strip Bitcoin’s code of key features. As evidenced by the multisig fiasco, this can come at the expense of security.

When money is on the line, you can’t move fast and break things. Often criticized as a slow-grinding, too-conservative process, Bitcoin development often proceeds with the principles of caution and precision in mind. 

Unsurprisingly, as a Bitcoin Core developer Maxwell favors this methodical approach over the perfunctory one.

“This situation would have been avoided entirely had BSV not ripped out the competent, time-tested and highly peer-reviewed mechanisms for multisig by Bitcoin in favor of far less efficient home-brew crypto,” said Maxwell.

“Kinda makes you wonder what amazing bugs are lurking in their node software or wallets. I can say for sure: I'm not going to run any of it and risk finding out.”

Developers at ElectrumSV have not yet returned answers to questions from CoinDesk.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.