A serious security flaw has been identified in crypto wallet Electrum SV, which has caused some users to lose their Bitcoin SV (BSV) funds.
Bitcoin SV is a fork of Bitcoin Cash, designed to improve the speed at which transactions are processed. However, to optimize for speed, BSV watered down some of the technical features in place to ensure coins remain secure in transit.
Namely, BSV did away with the pay-to-script hash (P2SH) feature, used to verify transactions that need to be greenlit by multiple parties (also called multi-signature transactions).
- Here's our list of the best bitcoin wallets (opens in new tab) available
- Check out our list of the best cloud mining (opens in new tab) services out there
- We've built a list of the best crypto mining rigs (opens in new tab) on the market
In its stead, developers of the ElectrumSV wallet (and likely others) introduced a feature called accumulator multi-signature, which is now understood to be highly insecure.
Crypto wallet vulnerability
The threat posed by the accumulator multi-signature system has been acknowledged by ElectrumSV, which is taking steps to prevent users from falling victim to transaction hijacking.
“Please do not change the script type of your wallet, and especially do not change it to accumulator multi-signature,” warned ElectrumSV in a tweet (opens in new tab). “As one of our users unfortunately found out, it is broken and using it will result in the loss of coins.”
The user in question is said to have lost 600 BSV - worth almost $100,000 dollars at current market rates - as a result of an attack that targeted weaknesses linked with accumulator multi-signature.
According to certain knowledgeable parties, the problem would never have reared its head had proper testing procedures been implemented in advance of public release. Others claim Bitcoin SV should not have adopted an alternative system in the first place.
“This situation would have been avoided entirely had BSV not ripped out the competent, time-tested and highly peer-reviewed mechanisms for multisig by Bitcoin in favor of far less efficient home-brew crypto,” wrote (opens in new tab) Gregory Maxwell, a developer at Bitcoin Core.
“Kinda makes you wonder what amazing bugs are lurking in their node software or wallets. I can say for sure: I’m not going to run any of it and risk finding out.”
- Here's our list of the best bitcoin exchanges (opens in new tab) around
Via CoinDesk (opens in new tab)