Bitcoin SV Exploit Results in Widespread Theft
Another reported exploit in Bitcoin SV has resulted in enormous losses for its investors.
- Bitcoin SV investors are currently exposed to an exploit that allows attackers to steal funds from their wallets.
- Project developers have not fixed the bug, but they recommend avoiding certain multisig settings.
- Bitcoin, Bitcoin Cash, and other related forks are not impacted by the exploit.
Share this article
A critical flaw in Bitcoin SV’s ElectrumSV wallet has led to widespread theft, according to user reports on social media. BSV developers still have not announced a fix for the exploit.
BSV Multisig to Blame
Recently, Bitcoin SV abandoned Bitcoin’s original multisig feature (P2SH) and replaced it with a custom solution called “accumulator multi-sig” in order to facilitate faster payments. That script contains logic errors that allowed attackers to steal funds.
It’s not clear how many wallets have been attacked via the exploit, nor is the total value of the attack known. However, one investor, Aaron Zhou, reports losing nearly $100,000.
STOP using multisig accumulator feature in ElectrumSV 1.3.7 immediately. Script “0 0” can unlock directly. Someone stolen 600 BSV of mine. https://t.co/ADwqrmDK94
— Aaron Zhou (@dailyzhou) November 8, 2020
Others report that the vulnerability has been exploited for days—meaning the exploit could be responsible for potentially millions of dollars worth of losses in total.
Is This the End of Bitcoin SV?
Developers have not announced a fix for the exploit. In the meantime, they have instructed BSV investors to avoid the accumulator multisig script in their wallet settings.
Even if the bug is fixed, the attack could further damage Bitcoin SV’s already troubled reputation. The crypto community has widely criticized the project’s controversial leader, Craig S. Wright. Meanwhile, companies like BitMEX have raised awareness of other technical issues with Bitcoin SV such as block reorgs and chainsplits.
Though, None of those issues will necessarily drive away Bitcoin SV’s core users, who appear to be dedicated to the coin despite the project’s many ongoing controversies.
Update: Developers disabled the vulnerable multisig feature in ElectrumSV 1.3.8 after reports of user losses.