Author

Topic: Discussion: The major exploit and related discussion (2010) (Read 147 times)

legendary
Activity: 1232
Merit: 1080
Anyone have any input on this at all?

I'll probably consider posting this in serious discussion because it looks like this sub forum is getting drowned out by the mega threads which people continue to post in...
legendary
Activity: 1232
Merit: 1080
In Bitcoins early days in fact just over 1 year a major exploit was found and abused by two addresses on the network which were likely controlled by one person although this hasn't been proven or found out to date. The major security vulnerability was first spotted in what I presume was in the code and by Satoshi himself or some other developer on 6 August 2010. To my knowledge this is the only major vulnerability  that was discovered in Bitcoins history.

I would like to discuss this with the people at Bitcointalk to get a better understanding and some insight on what happened in these 9 days. Here are the main questions:

1. How was the vulnerability spotted and by who?
2. If this was public knowledge why was it only exploited 9 days after?
3. The transaction/exploit was erased from the network how so?
4. Was it discovered who exploited the network and controlled the addresses?

I am assuming the vulnerability was first discovered by either Satoshi or another developer that was working on Bitcoin at that time. As far as I'm aware Gavin Andersen wasn't involved in developing Bitcoin directly at this point but was developing for the Bitcoin market. Maybe the vulnerability was discovered by a member of the public?

It's odd that knowing there was a vulnerability in the code and was probably public knowledge at the time because of Bitcoin being open source why did it take 9 days for A. Something to be done about it and B. For someone to exploit it. This was very early days for Bitcoin and the exploit was spotted before it was abused. So why risk it and wait until someone does exploit it to actually patch the code? Did it really take 9 days to come up with a solution and it just so happens that it was exploited the same day too.

Once the vulnerability was exploited it only took a few hours for it to  be patched and the transaction log to be cleared. How did this happen? Surely the coins would of confirmed on the network and because Bitcoin isn't reversible would of stayed on the network?  I know that the network would of had to been forked. But was this a hard fork? If so what we are using today could be considered Bitcoin 2.0 and thus the original Bitcoin failed within a year and half due to this exploit.

Finally does anyone know what the two addresses were and could link them in this thread? It would be interesting to know who abused the vulnerability and if the addresses have been used since.

For anyone who is wondering how the vulnerability worked is transactions were not verified before they were included in the blockchain. Therefore you could send any amount of coin you wanted as it would not check if you had that amount to send. So someone generated 184 billion bitcoins and sent it to two addresses on the network it existed on the network for a brief amount of time.

I wish for us to discuss this and provide further insight for not only myself but for the others which maybe don't know too much about the vulnerability and Bitcoin itself. I welcome both technical and non technical discussion.
Jump to: