Official Statement on CoinMetrics Report

What Really Happened?

  1. A bounty for a specific issue was posted, which can be seen here:
  2. A developer accepted the bounty, becoming a BTCP developer. He was promoted to a contributor on GitHub, allowing him to merge pull requests.
  3. The developer completes the issue, merges his own code, and is sent his reward. One line of code is missing which allows the fork mine to be exploited due to the nodes not properly verifying the falsified fork blocks. The code can be found here and was merged on January 5: The missing line of code is as follows: || tx.vout.size() > 1. We determined this after the CoinMetrics report was released.
  4. After collecting the bounty, the developer in question stopped working on the BTCP project. The contribution team has not heard from him since January. We have reached out to him for comment.
  5. During the publicly announced fork mine, a bad actor exploited this bug, creating 2 million coins. It went unnoticed by the contribution team until it was uncovered by CoinMetrics.
  6. Coinmetrics notices something is not correct with the supply. They investigate and uncover the exploit.
  7. BTCP Contribution team begins it’s own investigation to uncover the bad actor and determine the best way to move forward.
  8. BTCP Contribution team requested for deposits and withdrawals to be closed on exchanges trading BTCP.

The Bad

The Good

Who Did It?

What Else Can We Do?

  1. CoinMetrics has stated they believe less than 20k legitimate BTCP coins exist in shielded addresses along with 1.7–1.8 million illegitimate coins. Our team is favoring an option to hard fork and remove all shielded coins from existence. While this would cause the 20k legitimate coins to disappear, we believe this is preferable to the alternative of leaving the 1.7–1.8 million illegitimate coins in circulation. This would also fix the over-supply issue.
  2. We could perform a hard fork to remove all unmoved coins, which we believe to be greater than 12 million BTCP. This would fix the supply issue, but would not remove the illegitimate coins.

Bug Bounties




Bitcoin & ZClassic fork-merge with a focus on making private cryptocurrency transactions mainstream.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bitcoin Private

Bitcoin Private

Bitcoin & ZClassic fork-merge with a focus on making private cryptocurrency transactions mainstream.

More from Medium

Oil Painting


Confessions of a murder

Universal Dimensions