Flaw in Bitcoin SV Multisig Wallet Puts Funds at Risk
Bitcoin SV scrapped Bitcoin’s multisignature design and created its own. The insecure design is causing problems for some BSV users.
When Bitcoin SV (BSV) forked from Bitcoin Cash, its mandate to create a faster, payments-focused blockchain required gutting some of Bitcoin’s key technical features.
In doing so, it gutted some of Bitcoin’s key features; now, it’s worse off for it.
One of these features, the so-called pay-to-script hash (P2SH) function, allows a user to send a transaction by signing it to a “script” rather than a public key address. These scripts create special conditions that must be met in order to access the bitcoins sent to them, and they are most often used in multisignature transactions – or, transactions that require more than one party to approve.
Before P2SH transactions came to Bitcoin in 2012, Bitcoin’s only transaction type would send payments to a public key address through the pay-to-public-key-hash (P2PKH) function.
BSV’s homebrewed multisig wallets have been hacked
Bitcoin Core developer and former Blockstream CTO Gregory Maxwell posted on Reddit’s r/bsv that BSV developers removed the P2SH feature some time ago from the BSV blockchain’s code. In the ElectrumSV wallet (“and presumably elsewhere,” Maxwell says in the post), developers replaced the feature with a bootleg, BSV-specific version called “accumulator multisig” that utilized P2PKH transactions instead.
There’s a reason Bitcoin uses P2SH for multisig and not P2PKH, because the latter is not ideal for multisignature transactions.
It’s so insecure, in fact, that BSV holders are losing funds, Maxwell says in the post.
“These scripts had no security at all,” he explains.
According to Maxwell, the code’s architects only checked to see if the multisig transactions would work with the exact number of private keys needed to send the transaction (a multisig wallet requires more than one private key to authorize a transaction). They did not test transactions if more or fewer keys than necessary are present.
In his testing, Maxwell found two significant problems: first, that multisig spends fail if more than the minimum number of keys sign a transaction. Second, anyone could tap the multisig funds “with too few signatures (such as none at all).”
One BSV user, Aaron Zhou, lost 600 BSV to an attack exploiting this weakness on his multisignature wallet. When enquiring about the loss to a developer in a BSV chatroom, Zhou said that he trusted “it was safe enough” because “it was introduced by CoinGeek,” a pro-BSV media outlet bankrolled by Calvin Ayre, a close friend of BSV creator Craig Wright. By way of response, a developer in the chat chastised Zhou by saying he should only have committed “small amounts” to the wallet.
If it ain’t broke, don’t fix it
With a tone of frustration in his post, Maxwell said that “the error could have been avoided with even the most basic testing or review.”
The fiasco is a reminder that cryptocurrency development comes with trade-offs and requires diligence. BSV’s founders and proponents have marketed it as payments-focused coin with massive block sizes and blisteringly fast transaction times. To achieve these properties, BSV developers chose to strip Bitcoin’s code of key features. As evidenced by the multisig fiasco, this can come at the expense of security.
When money is on the line, you can’t move fast and break things. Often criticized as a slow-grinding, too-conservative process, Bitcoin development often proceeds with the principles of caution and precision in mind.
Unsurprisingly, as a Bitcoin Core developer Maxwell favors this methodical approach over the perfunctory one.
“This situation would have been avoided entirely had BSV not ripped out the competent, time-tested and highly peer-reviewed mechanisms for multisig by Bitcoin in favor of far less efficient home-brew crypto,” said Maxwell.
STORY CONTINUES BELOW
“Kinda makes you wonder what amazing bugs are lurking in their node software or wallets. I can say for sure: I'm not going to run any of it and risk finding out.”
Developers at ElectrumSV have not yet returned answers to questions from CoinDesk.