Bitcoin just had an “inflation bug” and no, it is not dying

A responsible disclosure is not fun. Especially if the stakes are high and the timeline tight.


On 17 September a vulnerability was found that could, in the very worst case, have led to a real on-chain double spend. I will not go into the internals of the bug, how it was found and who resolved it (although that story is great and an amazing example of efficiency). Instead, I will focus on what it would have taken for an attacker to actually exploit the vulnerability and what he would have stood to gain from it. There is a lot of misinformation about this in the media right now.

The attacker has to be a miner, and he has to create a block that includes a specially crafted transaction spending the same input twice within that one transaction. He cannot pick such a transaction up from the network: nodes still rejected it when it arrived in the mempool, so it would never have propagated; the check was only missing when the transaction arrived inside a block. Think of it as handing over the same twenty Swiss Francs bill twice in one payment at the grocery store. The grocery store books forty Swiss Francs even though only one twenty Swiss Francs bill exists. The total monetary supply just increased by twenty Swiss Francs, which is why the bug is often dubbed the ‘inflation bug’. The bug sits in the Bitcoin Core node software, which is run by companies dealing with or accepting bitcoin, as well as by individuals and developers who want to independently verify what they read from the blockchain. From version 0.15.0 (September 2017) onwards it no longer recognised such a transaction as invalid when validating a block.
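To make the mechanism concrete, here is a toy validator that shows what the missing check does and does not catch. This is an added example, not Bitcoin Core code: the UTXO set, outpoints and amounts are constructed, and the two code paths (`check_duplicates=True` for the mempool path that still rejected the transaction, `check_duplicates=False` for the affected block path) only mirror the shape of Core's `CheckTransaction` and UTXO update. The reject-reason strings are modelled on the ones Bitcoin Core uses.

```python
"""Toy model of the duplicate-input check described above.

Added example, not Bitcoin Core code. A transaction is a list of inputs
(outpoints referencing earlier outputs) and a list of output values. With
check_duplicates=False the validator behaves like the affected block path:
an input listed twice is credited twice, although the UTXO set only ever
contained it once, so value appears out of nowhere.
"""
from collections import namedtuple

OutPoint = namedtuple("OutPoint", "txid vout")

# Constructed UTXO set (not real chain data): outpoint -> value in satoshis.
UTXO_SET = {
    OutPoint("aa" * 32, 0): 20_0000_0000,  # the "twenty franc bill"
    OutPoint("bb" * 32, 1): 5_0000_0000,
}


def duplicate_inputs(inputs):
    """Return the outpoints that occur more than once in one transaction."""
    seen, dups = set(), set()
    for op in inputs:
        if op in seen:
            dups.add(op)
        seen.add(op)
    return dups


def check_transaction(inputs, outputs, check_duplicates=True):
    """Context-free sanity check. Returns None if the tx passes, otherwise a
    rejection reason (strings modelled on Bitcoin Core's reject reasons)."""
    if not inputs:
        return "bad-txns-vin-empty"
    if not outputs:
        return "bad-txns-vout-empty"
    if any(v < 0 for v in outputs):
        return "bad-txns-vout-negative"
    # The check that block validation skipped between 0.15.0 and 0.16.2.
    if check_duplicates and duplicate_inputs(inputs):
        return "bad-txns-inputs-duplicate"
    return None


def connect_transaction(utxo, inputs, outputs, check_duplicates=True):
    """Validate against the UTXO set and apply the transaction.

    Returns (new_utxo, minted). minted is the value credited to the inputs
    beyond what the UTXO set actually contained, i.e. the inflation. Fees are
    not paid to a coinbase in this toy, so they simply leave the UTXO set.
    """
    reason = check_transaction(inputs, outputs, check_duplicates)
    if reason:
        raise ValueError(reason)
    # Inputs are looked up before any are removed, so a duplicated outpoint
    # is found, and credited, twice. That is the trap.
    credited = 0
    for op in inputs:
        if op not in utxo:
            raise ValueError("bad-txns-inputs-missingorspent")
        credited += utxo[op]
    if sum(outputs) > credited:
        raise ValueError("bad-txns-in-belowout")
    spent = set(inputs)
    removed = sum(utxo[op] for op in spent)  # what really existed
    new_utxo = {op: v for op, v in utxo.items() if op not in spent}
    for i, v in enumerate(outputs):
        new_utxo[OutPoint("cc" * 32, i)] = v  # hypothetical new txid
    return new_utxo, credited - removed


def total_supply(utxo):
    return sum(utxo.values())


if __name__ == "__main__":
    twenty = OutPoint("aa" * 32, 0)
    attack = [twenty, twenty]  # the same input, twice, in one transaction
    print("mempool path:", check_transaction(attack, [40_0000_0000]))
    new, minted = connect_transaction(UTXO_SET, attack, [40_0000_0000],
                                      check_duplicates=False)
    print("block path minted:", minted,
          "supply delta:", total_supply(new) - total_supply(UTXO_SET))
```

Run as a script, the mempool path prints the rejection reason, while the block path accepts the transaction and reports 20 coins (2 000 000 000 satoshis) minted, matching the grocery-store analogy: the UTXO set grows by exactly the value of the duplicated input.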

After the bug was found, only a few hours passed before version 0.16.3 was released, and as of now 19% of publicly visible nodes already run that version[i].

A miner running such an attack, however, runs the risk that even if many nodes do not notice the creation of money, other players will: the breach of the network rules may be picked up by humans instead of nodes. If this happens quickly enough, the operators of nodes, especially of economically relevant ones at exchanges, will manually override their node and reject the block. Bitcoin Core provides an RPC call for precisely this purpose (invalidateblock), so it takes a single command in the node's console, and the operators who matter are prepared for such a step. The result would be a split in the blockchain: nodes with observant operators follow a different chain than those nodes that do not. There is still a risk that the attacker gets his unjustly gained coins to an exchange, sells them there and withdraws the proceeds in fiat or a different cryptocurrency before the exchange notices the split and freezes operation. Given the efficiency mentioned above and the careful observation by certain individuals, the risk of such an attack, especially in economically damaging amounts, is very low.

It all comes down to two things: first, what the attack costs the attacker, and second, how fast the network is likely to notice the anomaly and route around the culprit before he can take his profit.

Since the attacker has to be a miner and has to put his inflating transaction into a block that would otherwise have been valid, he bears the full production cost of that block (the hashing it took to find it) and, if the block is rejected, forfeits its reward. An unsuccessful attack therefore costs him the 12.5 BTC block subsidy plus the fees in the block, at current rates roughly CHF 80k. This is his investment.

As to the second point, the likelihood of discovery depends very much on the level of automation. Above I only mentioned the manual, human means of discovery, but that is certainly not all. Projects like Statoshi or Bitcoin Optech keep an eye on node and network metrics. Fork monitors run different node software side by side to spot any deviation in the chain they accept, and developers do the same to notice where their software disagrees with Bitcoin Core. Finally, any Bitcoin Core node warns its operator if it finds itself on a minority chain, i.e. if it sees a chain that is at least six blocks ahead of its own tip but which it has determined to be invalid.

There are mechanisms in place to monitor the network for inconsistencies. In that context, the fact that the change which introduced this bug only shipped last September (in 0.15.0) is very good news: older versions are not affected, and a sizeable share of nodes still run them.

As of right now, 64% of nodes are secure, 31% are vulnerable and 5% of publicly visible nodes do not send a standard version identifier, so it is unknown whether they are affected. Those numbers come after 19% of nodes have already updated to 0.16.3. Even if we assume that all of those were previously on an affected version (0.15.0 to 0.16.2), the remaining 45% of the secure nodes (64% minus 19%) were already running an unaffected, older version at the time of disclosure. So even in the worst case, roughly 45% of nodes would have rejected an inflating block from the start.

This rather high number, together with tools that monitor anomalies in the network, makes it very unlikely that an attacker would be able to spend his unjustly gained coins before the community notices and corrects course.

As a corollary: we know that this bug has not been exploited in the past. Nodes running pre-0.15.0 versions, which still enforce the check, are purposely still up, running and in sync with the vulnerable ones. Had an inflating block ever been mined, they would have rejected it and would be on a different chain today.

The above considerations are valid for BTC. Smaller networks skew the numbers significantly. If it is cheaper to create a block, or rather if the opportunity cost of missing out on one is smaller, the attacker's investment goes down. Moreover, if there are fewer nodes and fewer developers monitoring the network, the likelihood of success goes up massively.

[i] For this and the other node counts, I source the information from . This gives an indication of the network; exact numbers are impossible to get, since many nodes do not publicly advertise their existence.

Crypto blockchain analysis: the tool for criminal investigations and AML & KYC requirements

The Crypto Privacy Myth

Crypto and Bitcoin are, to many, synonymous with secrecy and illegality. Stories of drug dealing, tax evasion and money laundering dominated the press coverage of Bitcoin in earlier years. Many consequently, and wrongly, assume crypto to be a cover for criminal activity.

In fact, Bitcoin and the majority of other crypto assets come with a built-in safeguard against criminal use: they are public blockchains on which each coin's history and chain of ownership is permanently and publicly logged. The journey of a coin can be traced back in time, and it can be followed going forward. Compare this to a bank note, which carries no such history. These permanent records mean Bitcoin does not offer the same level of privacy as cash.

Governments and other institutions can gather a large amount of data from public blockchains, information that would not be available had the transactions occurred with traditional cash.

A number of firms use proprietary intelligence tools to analyse blockchains and produce reports for anti-money laundering (AML), counter-terrorist financing (CTF) and know-your-customer (KYC) requirements. They search the public, freely accessible blockchain to build a historical picture of addresses and transactions.

Shift in Criminal Activity

New technologies are often first adopted by those with questionable intent. Early internet use was disproportionately for unsavoury and illegal purposes.

The crypto market has entered a maturing, exchange-dominated stage. The time when illegal and unethical activity made up the majority of transactions is history. In the early years, criminals could hide behind Bitcoin when no one was looking and it was little understood. A paper by Paolo Tasca, Shaowen Liu and Adam S. Hayes (of University College London, Deutsche Bundesbank and University of Wisconsin-Madison respectively) concludes that the crypto market has moved away from mainly illegal activity towards a market dominated by legitimate merchants.

A sample study on Bitcoin laundering by the blockchain analysis firm Elliptic finds that the vast majority of funds received by conversion services (e.g. crypto exchanges) do not appear to be illicit. The study notes that the volume of coins previously used for illicit purposes that enters conversion services has decreased over time. Another firm, Chainalysis, reported that “the share of Bitcoin transactions sent to darknet markets has declined from 30% in 2012 to less than 1% in 2017”. These studies concur that the relative decline of darknet usage is largely a consequence of the rise of legitimate uses of the Bitcoin network.

US dollars are used for terrorist financing, money laundering and drug dealing. The common mistrust of Bitcoin starts to look unjustified when the low levels of illicit activity using Bitcoin are compared with the levels of criminal activity using USD.

The real current concern regarding illegal activity in crypto is its use to collect ransom payments: Elliptic's study finds that 16% of illicit bitcoins entering conversion services in 2016 came from ransomware, compared with just 0.5% in 2013. The typical case is a cybercrime in which an attacker compromises an organisation's systems and demands crypto in exchange for restoring them.

Blockchain Analysis for Forensic Investigation and Law Enforcement

Analysis of a blockchain, combined with other data sources, can provide decisive information. Governments, regulators, intelligence services and law enforcement agencies are using data analysis of blockchains.

Natural persons behind crypto transactions are identified at the “fiat gateway”, the point where the individual exchanged crypto for fiat currency (or vice versa). Crypto transactions can be followed to that gateway, and the firm providing it (e.g. a fiat-to-crypto exchange) supplies law enforcement agencies with the identifying data on the individual. As direct crypto purchases of goods and services become more common, the range of fiat gateways will widen. Depending on the size of the transaction, identity verification may or may not be required (as with traditional transactions today), and the burden will be on vendors to meet the regulations for accepting crypto payments.

The US Department of Justice used the “immutable, digital footprints” of the Bitcoin blockchain to identify a federal agent working undercover on the Silk Road task force who was abusing his position and selling information in exchange for crypto. Leaked papers from the US National Security Agency (NSA) indicate that it is analysing the blockchain to gather data and locate individuals.

Blockchain analysis companies Coinfirm, Neutrino, Chainalysis, Elliptic, Blockchain Intelligence Group and CipherTrace provide services to law enforcement agencies, intelligence agencies and regulators in blockchain surveillance and forensic investigation. These companies assist in tracking criminally obtained funds and in investigations of money laundering, ransomware and the darknet.

Chainalysis were the official investigators in the Mt. Gox bankruptcy case (a Bitcoin exchange that went bankrupt after losing a large amount of funds). They have also contracted with many US government agencies, including the DEA, FBI and IRS, worked with the Dutch police to track down criminals involved in darknet markets, and have identified the attacker in a ransomware case.

Elliptic was engaged by a law enforcement agency to identify an individual using Bitcoin for illegal firearms trafficking, and has worked with the FBI, Homeland Security, the IRS and the SEC. They also investigated the flow of funds related to a Russian hack.

Neutrino collaborated with Sophos to trace and interpret crypto flows involved in the ongoing SamSam ransomware threats.

Blockchain Intelligence Group has established an office in Washington D.C. to stay close to key federal agencies, and provides law enforcement and regtech services.

Despite advanced obfuscation strategies aimed at hiding identities, criminals are being foiled by blockchain analysis and intelligence. Governments are using the new public technology to their advantage, benefiting from the transparency of blockchains.

Blockchain Analysis for AML and KYC

These same blockchain analysis companies use proprietary software and methodologies to provide comprehensive source-of-funds checks and risk assessments for AML, CTF and KYC requirements.

Blockchain analysis companies assign a risk rating to each individual address: not every coin is equal. This is possible because the Bitcoin network stores the complete transaction history, which is immutable (it cannot be altered). A coin can be considered “tainted” (see below) if it is linked to previous illegal transactions. For example, an address gets an A rating where no risks were identified but a C rating when it has been linked to ransomware attacks. Crypto exchanges, financial institutions and ICOs use these ratings for AML and KYC purposes.

Figure 1. Extract of an example AML/KYC risk report on a Bitcoin address by Coinfirm, whose site lets you search an address and obtain an initial AML and financial risk assessment for free.

Note that this diminished fungibility (fungibility meaning that one unit is interchangeable with any other) sets Bitcoin apart from fiat cash. An A-rated Bitcoin address is not equal to a C-rated one, since the lower-rated coins will be rejected by financial institutions and crypto exchanges, whereas one USD is legally equal to any other USD.

Coinfirm has collaborated with Iconiq Lab (an ICO accelerator) to provide AML services for their ICO partnerships. They have also partnered with Payment21 (a Swiss-based crypto payment processing firm) and with Billion (a blockchain based payment platform). Coinfirm is launching their AML token (AMLT) designed to enhance their data knowledge by encouraging members to provide AML ratings and information in exchange for tokens.

Chainalysis is working with Barclays and Circle to provide information used to investigate the source, activity and destination of their clients' crypto funds.

Blockchain Intelligence Group has contracted with a number of firms to provide crypto risk assessment and compliance services such as with ATB Financial.

These modern approaches to AML and KYC are accelerating the crypto industry’s integration into the mainstream system and into existing regulatory requirements.

How to Analyse the Blockchain

The scope of public blockchain information available depends on the blockchain, but the Bitcoin blockchain holds a lot of data, and anyone can access it. Websites such as provide free and easy-to-use interfaces to extract blockchain information.

Figure 2. 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r is a known Bitfinex exchange wallet address (the company's, not a user's); enter it into a blockchain explorer to see its history.

Every address (typically held in a wallet) and every transaction ID can be looked up on the Bitcoin blockchain.

Key transaction data available:

  • Amount transferred in BTC
  • Fees
  • Timestamp
  • Origin addresses
  • Destination addresses

Key address data available:

  • Total coins sent
  • Total coins received
  • Final balance
  • Number of transactions

This raw data, along with other information obtained, is used to create the AML, KYC and CTF reports. For example, wallets can be categorised into types of user (such as wallets owned by exchanges versus private wallets) based on their transactional behaviour, and a judgement is then made on each group and on the quality of its holdings. Another method is clustering, where multiple transactions and addresses are linked together and attributed to one owner. The owner is identified at a fiat gateway, or by alternative means such as a public online mention of a crypto address (for donations or payment requests).

A publication by Imperial College London visualises actual Bitcoin transactions and clearly identifies certain behaviour. For example, its figure 3.1 shows how a firm can link many small payments into the same transaction, and figure 3.3 shows a historical pathway of transactions from user to user. You can explore the Bitcoin blockchain by amending the block number in the URL to visualise a block's transactions.

Figure 4 Visualisation of actual Bitcoin transactions: As coins move via transactions between addresses the history is saved and judgements are made on their journey.

Importantly, it is established whether a coin has a questionable history, i.e. whether it has passed through services such as mixers (which mix coins to obscure their trail) or through wallet addresses already known to be associated with illegal activity. Such a coin is tainted, and this is factored into the analytics companies' reports.
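The building blocks described in this section (the per-transaction and per-address figures an explorer shows, clustering addresses to one owner, and marking coins as tainted once they touch a known-bad address) can be put together in a few dozen lines. The following is an added example, not any analysis vendor's software: the ledger, txids, addresses and the tagged address are all constructed, the clustering uses the common-input-ownership heuristic (one of several heuristics such firms combine), and the A/B/C thresholds are this example's own assumption, not an industry standard.

```python
"""Explorer-style statistics, address clustering and taint scoring over a
constructed ledger. Added example (no analysis vendor's code); every txid,
address and the tagged address are made up for illustration."""
from collections import defaultdict
from fractions import Fraction

# Ledger in topological order. A vin entry is the (txid, vout) of an earlier
# output; an empty vin marks a coinbase. Values are in satoshis.
LEDGER = [
    {"txid": "t1", "vin": [], "vout": [("A1", 10_0000_0000), ("B1", 6_0000_0000), ("R1", 4_0000_0000)]},
    {"txid": "t2", "vin": [("t1", 0), ("t1", 1)], "vout": [("X1", 15_0000_0000), ("A2", 9000_0000)]},
    {"txid": "t3", "vin": [("t1", 2)], "vout": [("D1", 2_0000_0000), ("D2", 2_0000_0000)]},
    {"txid": "t4", "vin": [("t2", 0), ("t3", 0)], "vout": [("E1", 17_0000_0000)]},
    {"txid": "t5", "vin": [("t3", 1)], "vout": [("EXCH1", 2_0000_0000)]},
]
TAGGED = {"R1"}  # assumed: an address an investigator has tagged (e.g. ransomware)


def outputs_by_outpoint(ledger):
    return {(tx["txid"], i): out for tx in ledger for i, out in enumerate(tx["vout"])}


def tx_summary(ledger, txid):
    """Per-transaction view: origin/destination addresses, amount moved, fee."""
    outs = outputs_by_outpoint(ledger)
    tx = next(t for t in ledger if t["txid"] == txid)
    in_val = sum(outs[op][1] for op in tx["vin"])
    out_val = sum(v for _, v in tx["vout"])
    return {"from": [outs[op][0] for op in tx["vin"]], "to": [a for a, _ in tx["vout"]],
            "amount": out_val, "fee": in_val - out_val if tx["vin"] else 0}


def address_stats(ledger):
    """Per-address view: total received, total sent, balance, transaction count."""
    outs = outputs_by_outpoint(ledger)
    acc = defaultdict(lambda: {"received": 0, "sent": 0, "txs": set()})
    for tx in ledger:
        for op in tx["vin"]:
            addr, val = outs[op]
            acc[addr]["sent"] += val
            acc[addr]["txs"].add(tx["txid"])
        for addr, val in tx["vout"]:
            acc[addr]["received"] += val
            acc[addr]["txs"].add(tx["txid"])
    return {a: {"received": s["received"], "sent": s["sent"],
                "balance": s["received"] - s["sent"], "n_tx": len(s["txs"])}
            for a, s in acc.items()}


def cluster_addresses(ledger):
    """Common-input-ownership heuristic via union-find: all addresses spending
    inputs of one transaction are assumed to be one entity. CoinJoin-style
    transactions break this deliberately, so a cluster is a hypothesis."""
    outs = outputs_by_outpoint(ledger)
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in ledger:
        spenders = [outs[op][0] for op in tx["vin"]]
        for a in spenders:
            parent[find(a)] = find(spenders[0])
    clusters = defaultdict(set)
    for a in list(parent):
        clusters[find(a)].add(a)
    return list(clusters.values())


def same_owner(clusters, a, b):
    return any(a in c and b in c for c in clusters)


def taint_outputs(ledger, tagged):
    """Haircut taint: an output paid to a tagged address is fully tainted; any
    other output inherits the value-weighted mean taint of the inputs funding
    it. Coinbase outputs start clean. Returns {outpoint: Fraction in [0, 1]}."""
    outs = outputs_by_outpoint(ledger)
    taint = {}
    for tx in ledger:
        in_val = sum(outs[op][1] for op in tx["vin"])
        mixed = (sum(outs[op][1] * taint[op] for op in tx["vin"]) / in_val
                 if in_val else Fraction(0))
        for i, (addr, _) in enumerate(tx["vout"]):
            taint[(tx["txid"], i)] = Fraction(1) if addr in tagged else mixed
    return taint


def address_rating(ledger, tagged, addr):
    """Share of value received by addr that traces to a tagged address, mapped to
    a letter. Thresholds are this example's assumption, not an industry standard:
    A = nothing tainted, B = below a quarter, C = a quarter or more."""
    taint = taint_outputs(ledger, tagged)
    recv = [(val, taint[op]) for op, (a, val) in outputs_by_outpoint(ledger).items() if a == addr]
    total = sum(v for v, _ in recv)
    share = sum(v * t for v, t in recv) / total if total else Fraction(0)
    return ("A" if share == 0 else "B" if share < Fraction(1, 4) else "C"), share


if __name__ == "__main__":
    clusters = cluster_addresses(LEDGER)
    print("A1 and B1 one owner:", same_owner(clusters, "A1", "B1"))
    for addr in ("A1", "E1", "EXCH1"):
        print(addr, address_stats(LEDGER)[addr], address_rating(LEDGER, TAGGED, addr))
```

In the constructed ledger, A1 and B1 are clustered because they co-sign t2; X1 and D1 are clustered through t4, and that consolidation also pulls 2 of the 17 coins E1 receives from the tagged address R1 (taint 2/17, rated B), while EXCH1 receives coins that came straight from R1 and is rated C. Taints are kept as exact fractions so that repeated mixing does not accumulate floating-point error; a real investigation would add more heuristics (change-address detection, behavioural wallet typing) and far more tags than the single one assumed here.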

The Right to Privacy

Many crypto enthusiasts value privacy, anonymity and freedom from central authorities such as governments. They may see the advances in blockchain analysis by governments as an attack on the principles of crypto, and will look for alternative ways to pursue their goals.

“Privacy coins” such as Monero and Zcash help make transactions anonymous. Other services, such as mixers and unregulated exchanges, are used in an attempt to blur the historical linkages. While most governments are now moving to provide a regulatory framework that supports the crypto industry, it is to be expected that they will not extend that permission to privacy coins.

Evolution of the Industry

A large amount of useful information can be obtained from analysis of a Bitcoin transaction, information that would never have been available had the transaction occurred in cash.

Blockchain analysis firms are helping crypto become mainstream by using technology to provide robust KYC/AML services and to assist in forensic investigations. Regulated institutions are using these services to invest in the industry. A deeper understanding of the assumptions used by the blockchain analysis companies is required to strengthen their acceptability for KYC and AML regulatory requirements.

Leading financial service firms in the emerging crypto market are taking a professional and proactive approach to regulatory requirements, using blockchain analysis to enhance their AML and KYC procedures. The continual collaboration of governments, regulators and other agencies with the crypto world is helping to establish stability in the industry.

The BIS report – a rebuttal

Just a few years ago, every mention of cryptocurrencies in publications of the established financial system was celebrated as recognition for the young community. Those days are clearly over. When the Bank for International Settlements (BIS) published a chapter on cryptocurrencies in its 2018 annual report, the community's reaction was far from positive; the responses on Twitter were of a kind we do not intend to reproduce here. So this might generate some heat from the community as well: the report is actually fairly good. The technological assessment is sound and the economic critique is warranted. So where does this discrepancy originate? The BIS report falls short in only two respects: it evaluates the technology as it stood a year ago, and it criticises cryptocurrencies for failing to be something they do not aim to be.

The technological criticism

Granted, it would not be prudent to factor in technology that does not exist yet, trusting that something will come along to save the day. Any prediction that something does not work is dangerous, because some technological advance might arrive and render the counter-arguments invalid. But for the same reason, a prediction that something does work can only rely on the current state of technology, not on hope for a breakthrough. The most famous example of such a misguided prediction is The Times' prediction of 1894 that “In 50 years, every street in London will be buried under nine feet of manure”: understandable at the time, but rendered obsolete by the invention of the car. Had an analogous prediction been made in the 1920s, when the number of horses in London was even higher than in 1894, it would now seem negligent instead of being a quirky anecdote from the time before the car. Analogously for cryptocurrencies: when evaluating the scalability of the system, it is negligent to base the evaluation on the state of technology a year ago and to discard the breakthroughs that have already happened. The BIS report does acknowledge the existence of proper scaling solutions, but hides this in a footnote that does not do justice to its relevance. So here it is:

Proposed solutions for the scaling problem include the Lightning Network, which essentially shifts small transactions off the main blockchain and into a separate pre-funded environment.

The Lightning Network is live and working. It still needs to gain adoption, and for political reasons it might fail to do so, but the technology is a settled thing. Instead of communicating every transfer to every participant of the network (if a cryptocurrency were to reach global adoption, potentially billions of redundant copies of the same data), the Lightning Network communicates a transaction directly from the sender to the recipient, or via up to 20 hops along the edges of the network. No permanent record is required beyond the closing of that particular channel, which might happen once every few months. Further improvements are already well underway, but since those are not live yet, it is fine to ignore them for the time being. Such a network topology does not “bring the internet to a halt”, as the BIS report put it, even on today's hardware and today's global network infrastructure.

The second major infrastructure criticism concerns the ‘mining’ of cryptocurrencies. Here again, the BIS report does an exceptional job of analysing the process; its description is among the most understandable and accessible I have seen so far. It correctly identifies mining as the “mathematical evidence that a certain amount of computational work has been done, in turn calling for costly equipment and electricity use”. This leads to the often made (and true) statement that “At the time of writing, the total electricity use of bitcoin mining equalled that of mid-sized economies such as Switzerland”.

What the report does not take into consideration, however, and nor do most other criticisms, is how the electricity usage scales with the growth of the network: not at all. Whether a block validates 1000 transactions, 2000 transactions or zero, the amount of electricity is the same. Arguments that start from the current electricity usage and extrapolate to more widespread usage are therefore invalid. The electricity consumption scales not with use but with the desire for security in the system. In an equilibrated system, the cost of electricity will be close to the expected monetary reward per block. If that leads to fees that some use cases are not prepared to pay because they do not require that level of security, those use cases will move to other systems, e.g. the still trustless Lightning Network. What remains on-chain is the demand for native security. This mechanism is currently (at least in Bitcoin) still offset by the ‘block subsidy’, an extra reward of freshly mined coins that does not originate from fees paid for security. The desire for security might still increase, but the block subsidy decreases. In net effect, the electricity consumption will probably rather decrease in the long run, or stay roughly the same, even when faced with much higher use.

The economic criticism

Cryptocurrencies do not aim to be easily adaptable to changing economic conditions, and they are not suitable as a replacement for central bank money. On the contrary, they aspire to create stability through predictability: the future supply of most cryptocurrencies is predetermined (Ether is a notable exception). This is not to say that they have no place in the mission of a central bank.

The Swiss National Bank holds 1040 tonnes of gold. It does not do so because it thinks gold would make a great payment system. Set against the explicit goals and responsibilities of the Swiss National Bank, the room for cryptocurrencies is not in the primary goal, ‘price stability’, but rather in the ‘asset management’ task. In contrast, the BIS has looked at cryptocurrencies only as a form of ‘cash supply and distribution’, where they miserably fail, as the BIS correctly concludes, precisely because of their highly predictable supply.


Figure 1: Source: BIS annual report 2018

The BIS coined the ‘money flower’ to characterise forms of money by discrete criteria. The central element, ticking all the boxes, is ‘Central bank digital currencies (retail)’. In this taxonomy, the only difference between that and ‘Cryptocurrency (permissionless DLT)’, under which the BIS also counts Bitcoin and others, is the ‘Central bank-issued’ box. Whether that is a benefit or a drawback depends strongly on the use case at hand.

(It is almost ironic at this point that, in this admittedly very simplified visualisation of an already simplified reproduction of the original arguments, the only difference between ‘bank deposits’ and ‘virtual currencies’ is wide accessibility. To leave no doubt about the meaning: the prototypical example of a ‘virtual currency’ mentioned in the BIS report is World of Warcraft gold. While more people currently use bank deposits than WoW gold, access to the latter literally only requires an internet connection and a local shop selling a copy of World of Warcraft, whereas 31% of adults worldwide have no access to any financial services. So arguably, ‘bank deposits’ and ‘virtual currencies’ do not differ in this simplified characterisation of the money flower.)

The mandate of a central bank is indeed incompatible with using a decentralized cryptocurrency. A central bank issued currency sources trust from its sound reaction to economic conditions, resulting in price stability in the day-to-day life of its users. Decentralized cryptocurrency without room for any political or monetary decisions sources trust from its non-reaction to economic conditions, resulting in value stability independent of day-to-day whims and fluctuations.

“Strong oversight and central bank accountability both help to support finality and hence trust” says the BIS report. This is probably the starkest difference between the view that the BIS holds on transactions and what the cryptocurrency community sees in that technological advancement: The BIS achieves trust through finality. Cryptocurrencies achieve finality through trust.