Bitcoin security remains a key area of focus for a lot of companies and individuals. And, so it should be, as your money is on the line if you sacrifice security for convenience. But, even the most competent company can sometimes run into a flaw that no one could have foreseen. BitGo’s recovery process almost led to a loss of 85 Bitcoin for one user.
BitGo’s Recovery Script
The issue came to light when one of BitGo’s users attempted to get a Bitcoin transaction – created by the company’s recovery progress – to go through the network. One thing you should know is that BitGo’s recovery tool is only intended for recovering legacy BitGo wallets, and not for anything else.
While this tool exists and is freely available, it should never be wielded by any BitGo user. However, there are always a few users who want to hone their skills and prove they can recover a legacy wallet without requiring any assistance from the BitGo servers. This appears to be what happened in this regard, and as you would expect, something went awry.
Before we go into detail on what happened, it is important to explain what BitGo’s recovery tool does, exactly. The first step taken by the user comes in the form of providing three pieces of information: a redeem script for the recovered address, a new address to send funds to, and private keys for signing the transaction.
Once this information has been provided, the BitGo recovery tool will get the list of unspent transactions for the recovered address [by using the Blockchain.info API]. All of the inputs from the recovery address will be transferred to the new address. This transaction between addresses will be signed and broadcast through the Coinb.in API.
Where Things Went Wrong
Even though all of the steps seem pretty straightforward, you have to keep in mind, this tool was never intended to be used for transferring large amounts of money. Reddit user rstn decided to use it anyway, and nearly lost 85 Bitcoin in the process. However, this also displayed a vital flaw in the recovery process, made publicly available on GitHub by BitGo.
After using the script, not all of the outputs in the address had been spent properly, and the transaction became a mineable transaction on the Bitcoin network. It didn’t take long for a large mining pool to mine this transaction, which would include an additional 85 Bitcoin to be distributed among its active miners, at that time.
Antpool, the Bitcoin mining pool, ending up mining the transactions, and got in touch with rstn and BitGo once they found out what had happened. All parties are currently working on returning the money to its rightful owner, and getting it to end up in the right Bitcoin address, as well. BitGo even offered to refund the full amount themselves, if this were a bug with their legacy tool [which they are still investigating as we speak].
Bug Has Been Identified
After a thorough investigation by BitGo, they managed to identify the bug which caused this major problem. BitGo’s legacy recovery tool is using an older version of a library, which causes a 32-bit truncation of values. As a result, there will also be a truncation of outputs on the recovery transaction.
In fact, this bug was introduced over a year ago, in BitGo’s fork of bitcoinjs-lib. Even though the bug itself has been fixed by the company, as of April 22nd 2014, the reference to this fix never made it into the recovery tool, for some unknown reason. If there is one lesson to learn from all this, it is that Bitcoin wallet security and recovery are still far from perfect for most users.
Images courtesy of BitGo and DollarPhotoClub