A bitcoin fork has been hit by the now-famous money printing bug

Posted: 3 October 2018 3:12 pm
shutterstock bitcoin cryptocurrency dice 450x250
{"theme":"dark","direction":"horizontal","showArrows":true,"splitTitle":true,"playerOptions":{"captions":true,"popupOnScroll":true,"subscribe":{"title":"Subscribe","url":"https://www.youtube.com/channel/UCKvc0WUB65GCvOTgPVJ9yRA?sub_confirmation=1","visibleOnMain":true,"visibleOnPopup":true}},"active":{"index":0,"start":52,"end":null,"thumb":"https://dvh1deh6tagwk.cloudfront.net/finder-au/wp-uploads/2018/10/Harry-Generic.jpg","thumbAnimation":"kenburns-top-right","heading":{"small":"WATCH","large":"What happens when EOS block producers break the rules?

If nothing else, it's definitive confirmation that CVE-2018-17144 was exactly as devastating as one would expect.

CVE-2018-17144 was the name of a recent vulnerability in bitcoin. It has variously been referred to as the DoS bug, a critical inflation vulnerability and "that thing which would have let people create bitcoin out of thin air".

It arrived recently and became retroactively famous based on the staggering severity of the vulnerability and the way bitcoin developers used a less severe DoS vulnerability as a smokescreen to get people to patch their systems urgently without revealing the extent of the problem.

Bitcoin managed to fix the vulnerability and get away unscathed, but there was always the possibility of bitcoin forks being left vulnerable. That's exactly what just happened, with an obscure project called Pigeoncoin succumbing to attack on 27 September.

Someone used the vulnerability to create an estimated 235 million PGN (pigeons?) out of thin air. It's about a full quarter of the 980 million PGN total supply and is worth about US$15,000 on paper.

Feathers flying

Like most bitcoin forks that just siphon off bitcoin's codebase, bugs and all, and then fail to update following a widely publicised critical bug, Pigeoncoin as a project might be a rather expendable part of the cryptosphere. But it still serves as a useful example of how potentially devastating this bug might have been if someone used it to attack bitcoin.

juicy crypto words

It definitely works, noted cryptocurrency developer Scott Roberts to CoinDesk.

"Mainly it's just nice to know for sure by this example that coins in the wild were really vulnerable. It was not just some vague theoretical problem," he said.

Pigeoncoin is the only known victim so far, but theoretically plenty of other forks are also susceptible, although most updated promptly.

As for Pigeoncoin going forwards, it's now a wait and see game. The small community and various gawkers are following the funds and waiting to see if they're going to be sold off.

"My guess is the funds won't move for a few days. It would be stupid to try and move them all at once," said Pigeoncoin developer Michael Oates on the community Discord.

How easy it is to move them at all remains to be seen. Pigeoncoin is only tradeable on Cryptobridge, where its trading volume is about $500 over the last 24 hours, with Pigeon going for about a hundredth of a cent.

Its primary pair is naturally against BTC, but entertainingly there's also a bit of a Ravencoin to Pigeoncoin market. Maybe market forces can now settle once and for all the exchange rate between a bird in the hand and two birds in the bush.

Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and ADA.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Crypto explained


Latest cryptocurrency news

Picture: Shutterstock

Get into cryptocurrency

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site