CoinDesk is lying about the ElectrumSV bug

CoinDesk should issue a retraction.

If you only read the first paragraph, this is what matters: 

This week, CoinDesk and Gregory Maxwell teamed up to misrepresent the nature and scope of a bug in an ElectrumSV script for an experimental multisig wallet type. The experimental wallet had a pop-up warning for users, letting them know about the potential for “loss of coins” in red, but due to an unknown zero-day exploit, a hacker was able to steal coins from a single, unfortunate user.

coindesk-is-lying-about-the-electrumsv-bug

CoinDesk explicitly reported that the hack occurred because BSV, “gutted some of Bitcoin’s key features; now, it’s worse off for it,” which is blatantly false. Bitcoin SV is a secure and professionally audited implementation of the Bitcoin protocol. Neither Bitcoin SV’s protocol nor implementation were targeted in this hack, so it is disingenuous to call the security of the network into question. The bug was in the code of a single wallet used on the network. It has since been patched, and the new version of ElectrumSV is presumed secure.

CoinDesk and Blockstream (two companies owned in part by Barry Silbert) have long criticized the Bitcoin protocol, misrepresenting its strengths as weaknesses, presumably for the benefit of their own portfolio, so their dishonesty here is not surprising. So What Happened?

Some backstory

During the first few years of Bitcoin, developers were unsure what to do with the robust scripting language that Satoshi implemented in Bitcoin to allow it to deploy virtual machines, tokens and complex smart contracts. Fearing their own lack of understanding about Bitcoin, the Core developers gutted the Bitcoin protocol and converged a myriad of use cases into a soft fork called “Pay to Script Hash” or “P2SH.” This built walls around bitcoin’s inherent functionality to deploy complex scripts and multisig wallet types, removing users’ options and corralling them into only being able to use one type of script-based wallet for most applications.

Over time, P2SH became the wallet standard of choice for big custodians. Until Bech32 Native Segwit wallets became the new BTC standard of multisig custodial wallet management, P2SH wallets were an easy choice for uneducated, middle-management IT and security personnel at the major Bitcoin business to simply copy and paste rules for an easy way to know that nothing was broken.

However, BSV is a restoration of the complete and unbounded implementation of Bitcoin which includes many more options for script-based wallet management which included the necessary deprecation of the P2SH protocol from Bitcoin SV in order to be rid of its technical debt.

The bug

A single OP_Code used in creation of accumulator multi-signature scripts was coded incorrectly, and allowed funds to be stolen. That’s it. A mistake in implementation of ElectrumSV. While we do not minimize the bug or the victim of the theft, it is important to note that it was a single bug and was fixed inside of two days with the release of Electrum version 1.3.8, while the BTC variant of the Electrum wallet has had thousands of disclosed bugs (and presumably many more undisclosed bugs) over the years with many millions of dollars stolen due to flaws in Electrum.

Bitcoin SV developer Dean Little issued a pull request to fix the script error, but for the time being, ElectrumSV will leave the functionality turned off until it can invest in testing the new scripts further—highlighting the need for a rigorous testing framework to explore the bounds of Bitcoin.

Traditionally, this work has been done (haphazardly) by the volunteer open source community, which is why Electrum has historically been plagued with fatal flaws. Greg Maxwell knows this, and is merely playing word games in order to frighten people away from Bitcoin SV through mischaracterization and the predictable tone of a blatant social engineer. He states, in closing, “Kinda makes you wonder what amazing bugs are lurking in their node software or wallets. I can say for sure: I’m not going to run any of it and risk finding out.”

We know you won’t, Greg. Rather than pursuing greatness, you will do what you always do: restrict the functionality of Bitcoin in BTC in order to “protect” users from themselves and stifling the capabilities of Bitcoin in the process!

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—from BitMEX to BinanceBitcoin.comBlockstream and Ethereum—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.