A bitcoin fork has been hit by the now-famous money printing bug
If nothing else, it's definitive confirmation that CVE-2018-17144 was exactly as devastating as one would expect.
CVE-2018-17144 was the name of a recent vulnerability in bitcoin. It has variously been referred to as the DoS bug, a critical inflation vulnerability and "that thing which would have let people create bitcoin out of thin air".
It arrived recently and became retroactively famous based on the staggering severity of the vulnerability and the way bitcoin developers used a less severe DoS vulnerability as a smokescreen to get people to patch their systems urgently without revealing the extent of the problem.
Bitcoin managed to fix the vulnerability and get away unscathed, but there was always the possibility of bitcoin forks being left vulnerable. That's exactly what just happened, with an obscure project called Pigeoncoin succumbing to attack on 27 September.
Someone used the vulnerability to create an estimated 235 million PGN (pigeons?) out of thin air. It's about a full quarter of the 980 million PGN total supply and is worth about US$15,000 on paper.
Like most bitcoin forks that just siphon off bitcoin's codebase, bugs and all, and then fail to update following a widely publicised critical bug, Pigeoncoin as a project might be a rather expendable part of the cryptosphere. But it still serves as a useful example of how potentially devastating this bug might have been if someone used it to attack bitcoin.
It definitely works, noted cryptocurrency developer Scott Roberts to CoinDesk.
"Mainly it's just nice to know for sure by this example that coins in the wild were really vulnerable. It was not just some vague theoretical problem," he said.
Pigeoncoin is the only known victim so far, but theoretically plenty of other forks are also susceptible, although most updated promptly.
As for Pigeoncoin going forwards, it's now a wait and see game. The small community and various gawkers are following the funds and waiting to see if they're going to be sold off.
"My guess is the funds won't move for a few days. It would be stupid to try and move them all at once," said Pigeoncoin developer Michael Oates on the community Discord.
How easy it is to move them at all remains to be seen. Pigeoncoin is only tradeable on Cryptobridge, where its trading volume is about $500 over the last 24 hours, with Pigeon going for about a hundredth of a cent.
Its primary pair is naturally against BTC, but entertainingly there's also a bit of a Ravencoin to Pigeoncoin market. Maybe market forces can now settle once and for all the exchange rate between a bird in the hand and two birds in the bush.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and ADA.