In a historic exploit, an anonymous hacker managed to generate 184,467,440,737 bitcoin on August 15th, 2010, drastically exceeding the cryptocurrency’s supply limit. This incident revealed a major vulnerability in Bitcoin’s code that failed to validate transactions properly.
Details of the Exploit
Bitcoin’s source code caps the total eventual supply at 21 million coins. The hacker created over 8,700 times more bitcoins than the 21 million supply in a single transaction. The hacker distributed these coins across three addresses, with two addresses each receiving an astounding 92 billion coins.
A flaw in Bitcoin’s transaction verification system was the cause of this exploit. When summing the transaction’s output values, the code failed to handle overflows above the maximum allowable quantity. This oversight allowed the generation of arbitrarily large amounts of bitcoin. Jeff Garzik, now CEO of Bloq, made the discovery and gave the exploit the title of a “Bitcoin overflow bug.”
Also read: Crypto Fund Inflows Maintain 11-Week Streak: Dips Compared to Previous Weeks
Response and Aftermath
Within three hours of reporting and five hours after the overflow bug attack, Satoshi Nakamoto and other Bitcoin developers issued a patch in version 0.3.1. This update included logic to reject transactions with overflow output values. The Bitcoin blockchain was also soft-forked to undo the damage, resetting to a state before the hacker’s block.
Significantly, 53 blocks were reorganized in the rollback. This marks the largest correction ever required in Bitcoin’s blockchain. For a brief period, two competing Bitcoin blockchains existed as miners adopted the fixed version. Led by Satoshi’s direction, the corrected chain eventually dominated after 19 hours, despite minor disruptions from the erroneous version. By block 74,691, the miners were able to firmly re-establish Bitcoin’s blockchain.
Remarkably, despite the severity of the vulnerability, Bitcoin’s market price rapidly recovered after the incident. By year’s end, Bitcoin’s value had risen over 300% from $0.07 to $0.30, likely owing to the swift and effective response. The exploit itself was erased in the blockchain reorganization, effectively destroying the 184 billion generated tokens.
Over a decade later, the identity of the hacker remains unknown. However, Bitcoin has significantly matured since then, possessing advanced security practices to prevent similar exploits. This early incident played a key role in battle-testing Bitcoin’s resilience during its formative years.