600 BSV Stolen After Multisignature Accumulator Fails

  • A BSV holder has lost 600 coins worth $100,000 after he discovered his ElectrumSV wallet to be compromised
  • The multisignature accumulator protocol within the wallet had not been properly tested, allowing someone to bypass it and steal his coins
  • BSV developers had chosen to replace the eight-year-old P2SH multisignature used in Bitcoin with their own

A BSV holder has lost 600 coins worth $100,000 to a bug in the ElectrumSV wallet, after BSV developers eschewed the existing Bitcoin multisignature protocol for their own version and then failed to test it properly. The in-house multisignature accumulator feature in the latest version of the wallet contained a bug that allowed malicious users to drain wallets of their contents, and some in the community were quick to criticize BSV developers for needlessly putting their users at risk.

Multisignature Accumulator Fails in ElectrumSV Wallet

News of the bug surfaced on Sunday when a Twitter user by the name of Aaron Zhou reported that “someone stole 600 BSV of mine” and warned users against using the multisignature accumulator feature in the ElectrumSV 1.3.7 wallet.

Some respondents were sympathetic to Zhou’s plight, while others took the opportunity to have a sly dig at BSV. Among them was Craig Wright’s legal nemesis Peter McCormack, who offered to send Zhou some Bitcoin as compensation, which Zhou gratefully accepted.

BSV Criticism Comes Hard and Fast

Some weren’t quite so subtle with their assessment of the situation, with one knowledgeable Reddit user, nullc, tearing a strip off the BSV developers in a lengthy critique:

AND ITS GONE: Popular BSV multisig provides no security at all and eventually the coins all go poof. from r/bsv

nullc criticized BSV developers for the way they “ripped out” the existing P2SH multisignature protocol that has been a staple in Bitcoin transactions since 2012, leaving them having to “home brew their own multisig crypto.” nullc adds that the bug could have been detected “with even the most basic testing or review” before highlighting that there is an even bigger problem at the heart of the loss:

Finally, this situation would have been avoided entirely had BSV not ripped out the competent, time tested, and highly peer reviewed mechanisms for multisig by Bitcoin in favor of far less efficient homebrew crypto. Yet again, we see that bamboozlement and competence are not good bedfellows. Leave it to BSV to make the YOLO incompetence of ETH land look comparatively reasonable.

All is not lost for Zhou however, with one wag pointing out that BSV backer Calvin Ayre has a tried and tested way of getting the coins back:
