CoinMetrics Exposes Bitcoin Private
On Sunday, Coin Metrics, an open-source crypto asset analytics team, released a damning report about Bitcoin Private (BTCP), a fork of both Bitcoin and ZClassic (which itself is a fork of ZCash). In the report, titled “Don’t trust, verify” in an evident nod to the popular saying in the crypto community, it was revealed that the project, which was painted as a private version of Bitcoin, could have potentially created two million tokens out of thin air, which wasn’t mentioned in the whitepaper.
More specifically, there were 102 “extra-large blocks” during the BTC “supply import” into BTCP, which created “400 unexpected outputs.” Per Coin Metrics, each of those mysterious block outputs contained 50 BTCP apiece, meaning that with 102 “extra-large blocks”, which contained 400 unexpected outputs, 2,040,000 BTCP was falsely minted out of thin air.
These tokens were reportedly routed to shielded addresses (a feature in ZCash), subsequently going unnoticed for a large period of time, due to the fact that block explorer sites didn’t take notice of this influx of fraudulent BTCP.
Then, between mid-July and mid-August, the individual behind the minting began to empty his/her holdings, withdrawing 300,000 BTCP from the shielded pool to presumably dump them en-masse. In all, per Coin Metrics’ estimates, the individual probably made away with $1 million to $3 million in profits.
At first, the crypto community at large, who has always had a penchant to detest Bitcoin forks, quickly bashed the Bitcoin Private team, claiming that they left a vulnerability on purpose. Some took to bashing Rhett Creighton, a controversial figure in the industry and a purported BTCP supporter. Others, like leading Bitcoiner Peter Todd, claimed that the founders of the project did it. Mike Dudas, the founder of The Block, took the time to double-down on his support for Bitcoin, claiming that this debacle only accentuates the fact that BTC is genuine, not a fork of any kind.
This sentiment was issued all throughout the cryptosphere, as notable industry insiders took to their Twitter pages to call out the project.
Chain To Be Hard Forked
However, since this report arose, those behind the project have since issued a lengthy response by the way of a Medium rebuttal. The response, which was posted just an hour or two ago, reveals what purportedly happened, accentuating that it isn’t the team’s fault that two million BTCP were premined.
In fact, it was explained that a non-core developer gained contributor access to BTCP’s GitHub, which allowed him/her to omit a pertinent line of code potentially accidentally. During the fork, an anonymous bad actor (maybe the developer under a guise) “exploited this bug” to generate the sum in question.
Keeping this in mind, the Bitcoin Private team has decided that it will be advantageous to hard fork its mainchain, removing all shielded coins from existence (only ~20,000 of which are legitimate, the other 1.7-1.8 million were falsely generated). The solution, which is being coded as this is written, will fix the over-supply issue on the chain and ensure that the bad actor cannot liquidate any fraudulent BTCP tokens.
Regardless, in spite of the quick response from the Bitcoin Private team, the damage has already been done to BTCP markets. Following the release of the exposé piece, the asset plummeted, falling from $2.42 to $1.9 within a matter of a few hours. And even upon the release of the response, BTCP maintained its foothold around $1.95, failing to move higher or lower in step with the overarching crypto market.
At the time of writing, BTCP is worth $1.96 a pop, with its 24-hour performance amounting to a 17.2% loss. Interestingly, this move comes on the back of an influx of volume, so tumultuous price action is likely to continue moving into the near future, especially as this controversy continues to unfold.