Blockchain Bug Rocks Bitcoin World, Losses Continue Mounting for Victims

[MicroGuy]

Late last night something went horribly wrong somewhere in the darkness of Bitcoin’s deepest mining wells. A rig drilling for bitcoins incorrectly validated a bad block spawning the creation of a secondary bitcoin blockchain chock-full of fake bitcoins.

These vapor coins are worthless and will never become “real bitcoins”, yet many hard working miners are still furiously drilling away on the wrong chain, collecting bushel baskets full of unspendable play tokens. According to a red alert notice posted today on Bitcoin.org, the currency’s official website, mining losses thus far have reached into the five figures.

Note that the roughly 50% of the network that was SPV mining had explicitly indicated that they would enforce the BIP66 rules. By not doing so, several large miners have lost over $50,000 dollars worth of mining income so far.

The message also warns that a double spend window has opened whereby an attacker could potentially spend 1 bitcoin on both chains thereby doubling its value. To make sure you don’t fall victim to this exploit, you are encouraged to wait for at least 30 confirmations before considering a payment valid.

Web wallet users should wait an additional 30 confirmations more than you would normally wait, unless you know for sure that your wallet is secured by Bitcoin Core 0.9.5 or later.

Luckily, Bitcoin’s core development team noticed the situation early and was able to track down a living alert key holder. An alert key is a secret key that allows its owner to broadcast security alerts and update notices to every bitcoin client.

This is the first time the alert system has been used since April, 2014. Gavin’s recent departure left Bitcoin’s core team without a working key. You can continue monitoring this emergency situation live at Bitcoin.org.

Full Story: http://altcoinpress.com/2015/07/blockchain-bug-rocks-bitcoin-world-losses-continue-mounting-for-victims/

[1714877738]

1714877738

[monsanto]

This is the first time the alert system has been used since April, 2014. Gavin’s recent departure left Bitcoin’s core team without a working key.

There's 3 keys right? So whose key was it?

[jonald_fyookball]

Dat spin!

Why is that this microguy constantly seems to post negatively spun articles on Bitcoin?

[jbrnt]

Late last night something went horribly wrong somewhere in the darkness of Bitcoin’s deepest mining wells. A rig drilling for bitcoins incorrectly validated a bad block spawning the creation of a secondary bitcoin blockchain chock-full of fake bitcoins.

I missed the whole drama. Wasn't online at the time and I am still reading posts surrounding the incident. F2Pool and Antpool is responsible too, but BTC Nuggets is the true culprit. Still cannot believe how a tiny pool (1% of total hashrate) could cause so much havoc for whole network.

Note that the roughly 50% of the network that was SPV mining had explicitly indicated that they would enforce the BIP66 rules. By not doing so, several large miners have lost over $50,000 dollars worth of mining income so far.

Learnt something new. I don't understand much about SPV mining until today. F2Pool and Antpool only lost 2 hours' worth of hashing, that is merely 8% of there daily income. They are not going to cry over it. 

This is the first time the alert system has been used since April, 2014. Gavin’s recent departure left Bitcoin’s core team without a working key. You can continue monitoring this emergency situation live at Bitcoin.org.

We can read this both ways: "At least one of the Core Devs should have the alert keys" and "Alert system still works when no Core Dev has the key".

[MicroGuy]

We can read this both ways: "At least one of the Core Devs should have the alert keys" and "Alert system still works when no Core Dev has the key".

Yes. If the core team is able to locate someone with the key they can indeed send out alerts, as long as this third party can be found and agrees to comply.

[IIOII]

Luckily, Bitcoin’s core development team noticed the situation early and was able to track down a living alert key holder.

That sounds quite dramatic! Several alert key holders already died from holding the keys. Now the remaining ones are on the run...

I think the problem was contained quite fast. It shows that it's always good to run a full node.

[Meuh6879]

https://bitcoin.org/bin/

0.9.5 : 24-May-2015 07:19

3 months to do an update ... even Java or Flash Player can FORCE people to do more frequencly update.
So, people are lazy and cry when they don't do updates.

[pooya87]

it is funny how the article mentions "Victims" and yet i don't see any victims.
and the funny part is the article itself doesn't mention any victims either, just talks about the potential of an attacker using a double spend to double the value of his coin!

[achow101]

This is the first time the alert system has been used since April, 2014. Gavin’s recent departure left Bitcoin’s core team without a working key.

There's 3 keys right? So whose key was it?

There is only one alert key and it is held by multiple people, not just Gavin, and I wouldn't be surprised if more core devs had them. I know that Theymos has a key as well as Gavin. I'm fairly certain that waldimir has one too and probably more if not all of the core devs.

[Amph]

big pool like those chinese one should always use last core version for mining, again it is not a bitcoin fault, it's miners fault

the articles is also presented in a way that is yelling "fud" every where

[turvarya]

It's just the FUD'ster MicroGuy. Nothing to see here.

[MicroGuy]

There is only one alert key and it is held by multiple people, not just Gavin, and I wouldn't be surprised if more core devs had them. I know that Theymos has a key as well as Gavin. I'm fairly certain that waldimir has one too and probably more if not all of the core devs.

The list of people with access to the alert key is listed here: https://en.bitcoin.it/wiki/Alerts

None of the current active core developers is on that list. I think these issues are relevant and worthy of discussion. For example, why should someone what vanished 5 years ago still have that all-powerful access yet at the same time no current core member apparently does? Seems like a valid concern.

[croTek4]

Dat spin!

Why is that this microguy constantly seems to post negatively spun articles on Bitcoin?

I was thinking the same thing, this microguy is a fraud.

[MicroGuy]

Dat spin!

Why is that this microguy constantly seems to post negatively spun articles on Bitcoin?

I was thinking the same thing, this microguy is a fraud.

This article is open for corrections like all other stories on Altcoin press. This story has solid sources with links.

[achow101]

The list of people with access to the alert key is listed here: https://en.bitcoin.it/wiki/Alerts

None of the current active core developers is on that list. I think these issues are relevant and worthy of discussion. For example, why should someone what vanished 5 years ago still have that all-powerful access yet at the same time no current core member apparently does? Seems like a valid concern.

That is not a full list of everyone who has an alert key. If you actually read the whole thing, you would notice this:

The known private key holders are Satoshi Nakamoto, Gavin Andresen and theymos. There are other people able to issue alerts in the event of the incapacitation of the aforementioned

The keyholders are not publicly known for their own safety. If everyone knew who held the alert keys, then people could pressure them and coerce them into sending alerts. However, the alert system is not all-powerful. It is in fact rather weak. It does not force anyone to do anything nor does it force the software to do anything. Anyone with the alert key can only send messages that are up to the people to decide whether to use or not.

[scarsbergholden]

Man this big pools mostly when a fork happens is a selfish pool not using the same version has the others because they want to take over and have the other follow them, well with all the money now put to mining equipment some of this pool have turned into small corporations.

[notbatman]

I had a 50% reduction in payout due this issue but, returning to the expected payout over a few days. If you want to mourn, customers of mtgox and the miners who made pre-orders in 2013/2014 could use your pitty.

Bitcoin is still beta and the issue was resolved fairly quickly without much damage. It should be noted that miners trying to shave a few milliseconds off time by not validating blocks properly before attaching their blocks caused this. They were doing it wrong and got taken advantage of.

The fact Bitcoin has been hardened somewhat because of this can only increase confidence in it IMO.