
Bitcoin’s Biggest Hack in History: 184.4B Bitcoin from Thin Air - vinnyglennon
https://hackernoon.com/bitcoins-biggest-hack-in-history-184-4-ded46310d4ef
======
apo
The change that invalidated the transaction was not a hard fork. It was a soft
fork.

[https://en.bitcoin.it/wiki/Value_overflow_incident](https://en.bitcoin.it/wiki/Value_overflow_incident)

A hard fork expands the range of valid transactions. A soft fork narrows that
range.

Remember the book _Javascript the good parts_? It proposes that developers
ignore certain language features that can cause trouble. The interesting thing
about this approach is that all the code you write by following the book's
guidelines will run on all existing runtimes. Your code is backward
compatible.

Had the book advocated new language constructs, then those applying them would
not be able to run their software on existing runtimes.

This difference is roughly comparable to the difference betweeen hard and soft
forks.

Prior to the Bitcoin update, no check was made for overflow conditions. After
the update, only transactions obeying a narrower set of rules involving an
overflow check were considered valid.

A soft fork can be deployed by miners censoring blocks containing the
transactions which are longer valid. Nodes that don't generate blocks need not
update for they will never see the now invalid transactions. Miners need to
update to avoid generating blocks that will be rejected by the network.

A hard fork requires even non-generating nodes to update, for they will need
to determine the validity of blocks with transactions applying an expanded
rule set.

~~~
pjc50
This is the clearest explanation of the distinction I've read, thanks.

------
hudon
It wasn't the last time that centralized decision-making saved the day.
Another incident that is worth reading about if Bitcoin failures interest you
is the 2013 Bitcoin fork: [https://freedom-to-tinker.com/2015/07/28/analyzing-
the-2013-...](https://freedom-to-tinker.com/2015/07/28/analyzing-
the-2013-bitcoin-fork-centralized-decision-making-saved-the-day/)

Basically, a new version of Bitcoin Core software was released (v0.8) and only
part of the network was running it. Then a block caused a divergence, where
folks running v0.8 started mining on top of a different chain than the one
mined by folks on v0.7. Amidst the chaos, 2 developers (Luke DashJr and Pieter
Wuille), decided that miners should rollback to v0.7 and mine on top of the
"v0.7" chain. Miners and other devs quickly fell in line.

One lesson gleaned from these two incidents (featured article and this one) is
that centralized problem-solving clearly made these events less catastrophic
than they would otherwise have been. If in 2013 there had been no leader to
advise the crowd which chain Bitcoin should be, the divergence may have been
permanent. And then people wonder why nowadays Bitcoin keeps forking, when
history shows that strong leadership prevents persistent forks. A persistent
chain fork is not a technical failure, it is a leadership failure.

~~~
Felz
Which raises the question: If strong leadership is needed to define the meta-
consensus, what use is it that the technical consensus is decentralized?

~~~
aeternus
Technical consensus provides an important backup / tie-breaker when meta-
consensus isn't clear.

This has happened multiple times in the past with Bitcoin, most recently with
Bitcoin Cash vs. Bitcoin Core. The user-base is split, there is lots of
propaganda on both sides. However the technical consensus yields a single
chain (Bitcoin Core).

~~~
hudon
Actually there were 2 persistent bitcoin chains to emerge from that conflict,
one led by Bitcoin Core’s consensus rules and one led by Bitcoin Cash’s
consensus rules. Nothing technical prevented the fork. And to claim one is
more “bitcoin” than the other is moot. In fact the argument of which bitcoin
chain is what Satoshi would have wanted is still being argued about every
single day...

~~~
aeternus
True both are still around, but a user can simply choose the fork with the
longest chain (most PoW).

This is important because all other metrics such as choosing based on message
boards, market cap, etc. can be more easily gamed.

------
modeless
Now that so many coins are doing private encrypted transaction amounts, I
wonder if a bug like this could go undetected. If you could find an inflation-
causing bug in a popular private coin and exploit it, you could easily make
tens of millions of dollars within a few days. Possibly hundreds of millions
if you played it right. And even if you were later found out, it's not clear
to me that it would be illegal or whether you could be prosecuted for it. It's
the biggest bug bounty ever.

~~~
verroq
[https://zcoin.io/important-announcement-zerocoin-
implementat...](https://zcoin.io/important-announcement-zerocoin-
implementation-bug/)

~~~
lawlessone
ok that explains how they know pretty well.

------
geoah
What always confused me about cases like this one is what is considered a hard
fork. This was a software bug, and not a flaw in the design or protocol
itself. When is it a bug fix, and when is it a hard fork? Is the client law,
or is the protocol law?

\- If there were more than one clients would this be an issue?

\- If there were more than one clients and only one had the bug, would it
still be a hard fork?

~~~
Klathmon
It's miner and user confidence in a specific chain that ultimately defines it.

Similar to country sovereignty, these things are defined only by how most
people define it. You can't just stand up and say you are now your own
country, you need to get other countries, other people, to agree with you. But
at the same time, if a country changes its name/laws/maps, it doesn't become a
"new country", it just changes.

You can fork bitcoin, but unless most users and miners out there agree to call
your fork "bitcoin", then it won't be bitcoin. But if "bitcoin" decides to
radically change, and most people agree with the change, then it is still
bitcoin, despite the differences.

(as an aside, anywhere I say "most people" here, you can replace that with
"most hash power" or "most users" or any other metric you want. I'm not trying
to speak to specifics, but more the overall idea)

------
jyriand
Off topic: I can't read stories on hackernoon. The bright green header makes
my eyes watery and after closing my eyes I can see the afterglow. I can see it
even right now with eyes open. The fact that I can't scroll away from it,
makes it even worse. Why would you make this header sticky?

~~~
SmellyGeekBoy
Permanently burning the logo into users' retinas - it's an advertiser's dream!

------
saagarjha
> Satoshi Nakamoto quickly hard forked the blockchain to remove the 184.467
> billion Bitcoins, which is the only thing that saved Bitcoin from dying an
> early death that day.

Of course, if something like this happens today, I’m not sure the solution
would be as simple as this…

~~~
uncoder0
I was there. Someone would post the code for the hard fork and most miners
would switch to the chain without the bug. A chain that has infinite bitcoins
on it is worthless... Just as it happened back then. I switched over as soon
as I read the thread about it and saw the chatter on irc.

~~~
saagarjha
I understand that most people probably would switch. I’m actually looking it
this from a different perspective: would Bitcoin be able to regain trust? A
large hack might kill Bitcoin if everyone decides that they don’t trust
Bitcoin’s security.

~~~
aey
Yes. The trust is not in the code, it’s in the hash power.

~~~
seandougall
From a normal investor’s standpoint, the hash power is an implementation
detail. Trust has to be in the integrity of the blockchain.

~~~
aey
Maybe that investor shouldn’t invest in bitcoin or Proof of Work based chains.

These systems are nothing like PayPal and Venmo and investing in ignorance is
just asking for losses.

~~~
seandougall
I agree; nobody should be considering cryptocurrencies an investment. That’s
not the message coming from most Bitcoin enthusiasts, though.

------
baby
What was the problem exactly? The article is a bit shy about it. Integer
overflows usually reduce the value instead of increasing it.

~~~
Dylan16807
The transaction took an input of half a bitcoin, and had two outputs of
roughly 2^63 each plus another output that got a tiny amount.

Skipping over a few details, that means you send 92 billion to one address, 92
billion to another address, and the total overflows back under .5 bitcoins.

------
Waterluvian
Is there collateral damage when forks like this happen? Or can they precisely
target just the one thing?

~~~
lolc
Yep. Transactions in subsequent blocks may be reordered or not included at all
in the new chain forked from before the incident. Temporarily diverging forks
are a property of Bitcoin anyway and must be expected. So your transaction
being first confirmed but then dropping out is a possibility without assuming
malfeasance.

Still it is also possible to revert transactions in Bitcoin if enough people
agree. As demonstrated after this hack. The biggest collateral damage is in
trust when this is demonstrated in vivo.

------
arisAlexis
hard forking is consensus and the whole system is built on consensus. it's the
democracy of the developers, the miners and the people with skin in the game.

