Skip to main content

A flaw in this popular crypto wallet could put your stash at serious risk

Bitcoin SV
(Image credit: Shutterstock / Diego Ioppolo)

A serious security flaw has been identified in crypto wallet Electrum SV, which has caused some users to lose their Bitcoin SV (BSV) funds.

Bitcoin SV is a fork of Bitcoin Cash, designed to improve the speed at which transactions are processed. However, to optimize for speed, BSV watered down some of the technical features in place to ensure coins remain secure in transit.

Namely, BSV did away with the pay-to-script hash (P2SH) feature, used to verify transactions that need to be greenlit by multiple parties (also called multi-signature transactions).

In its stead, developers of the ElectrumSV wallet (and likely others) introduced a feature called accumulator multi-signature, which is now understood to be highly insecure.

Crypto wallet vulnerability

The threat posed by the accumulator multi-signature system has been acknowledged by ElectrumSV, which is taking steps to prevent users from falling victim to transaction hijacking.

“Please do not change the script type of your wallet, and especially do not change it to accumulator multi-signature,” warned ElectrumSV in a tweet. “As one of our users unfortunately found out, it is broken and using it will result in the loss of coins.”

The user in question is said to have lost 600 BSV - worth almost $100,000 dollars at current market rates - as a result of an attack that targeted weaknesses linked with accumulator multi-signature.

According to certain knowledgeable parties, the problem would never have reared its head had proper testing procedures been implemented in advance of public release. Others claim Bitcoin SV should not have adopted an alternative system in the first place.

“This situation would have been avoided entirely had BSV not ripped out the competent, time-tested and highly peer-reviewed mechanisms for multisig by Bitcoin in favor of far less efficient home-brew crypto,” wrote Gregory Maxwell, a developer at Bitcoin Core.

“Kinda makes you wonder what amazing bugs are lurking in their node software or wallets. I can say for sure: I’m not going to run any of it and risk finding out.”

Via CoinDesk