A critical flaw in Bitcoin SV’s ElectrumSV wallet has led to widespread theft, according to user reports on social media. BSV developers still have not announced a fix for the exploit.
BSV Multisig to Blame
Recently, Bitcoin SV abandoned Bitcoin’s original multisig feature (P2SH) and replaced it with a custom solution called “accumulator multi-sig” in order to facilitate faster payments. That script contains logic errors that allowed attackers to steal funds.
It’s not clear how many wallets have been attacked via the exploit, nor is the total value of the attack known. However, one investor, Aaron Zhou, reports losing nearly $100,000.
STOP using multisig accumulator feature in ElectrumSV 1.3.7 immediately. Script “0 0” can unlock directly. Someone stolen 600 BSV of mine. https://t.co/ADwqrmDK94
— Aaron Zhou (@dailyzhou) November 8, 2020
Others report that the vulnerability has been exploited for days—meaning the exploit could be responsible for potentially millions of dollars worth of losses in total.
Is This the End of Bitcoin SV?
Developers have not announced a fix for the exploit. In the meantime, they have instructed BSV investors to avoid the accumulator multisig script in their wallet settings.
Even if the bug is fixed, the attack could further damage Bitcoin SV’s already troubled reputation. The crypto community has widely criticized the project’s controversial leader, Craig S. Wright. Meanwhile, companies like BitMEX have raised awareness of other technical issues with Bitcoin SV such as block reorgs and chainsplits.
Though, None of those issues will necessarily drive away Bitcoin SV’s core users, who appear to be dedicated to the coin despite the project’s many ongoing controversies.
Update: Developers disabled the vulnerable multisig feature in ElectrumSV 1.3.8 after reports of user losses.
Original source: https://cryptobriefing.com/bitcoin-sv-exploit-widespread-theft/