Bitcoin’s 21 Million Cap Can be Hacked
Bitcoin is supposed to have a cap of 21 million tokens, but that cap can be hacked.
Value Overflow Incident of 2010: The first incident occurred in 2010 when an unknown hacker was able to generate 184 billion Bitcoins. The incident exposed a bug that would have allowed a remote hacker to bypass the 21 million limit and create more Bitcoins.[1] The bug was thought to be fixed in 2010. It was not.
Value Overflow Incident of 2018: In 2018, the bug resurfaced in a more serious, but less widely publicized incident.[2] The 2018 incident was kept secret by Bitcoin’s developers so it could be fixed before altering the general public.[3]
The value overflow incidents exposed rudimentary mistakes made in the coding of Bitcoin. Bitcoin was created in 2008-2009 using a programing language called C++.[4] Since its release in 2009, the size of Bitcoin’s code has more than tripled. The changes are made by individuals other than the Bitcoin Creator, some of these individuals are anonymous foreign nationals. The code constantly needs updating because Bitcoin’s original code was incomplete and contained numerous errors.
[1] This notice describes the technical details of the attack as well as the fix, which was applied in 2010. https://www.cve.org/CVERecord?id=CVE-2010-5139
[2] This notice describes the same thing, except it pertains to the second attack in 2018. https://bitcoincore.org/en/2018/09/20/notice/
[3] The Latest Bitcoin Bug Was So Bad, Developers Kept Its Full Details a Secret – CoinDesk https://www.coindesk.com/markets/2018/09/21/the-latest-bitcoin-bug-was-so-bad-developers-kept-its-full-details-a-secret/
[4] Random numbers can only be generated using an analog computer. Bitcoin was created using the ‘rand()’ function in C++. This function is not considered secure. Mersenne Twister ‘mt19937’ was incorporated into a 2011 update to C++. Mersenne Twister is also not cryptologically secure, but more secure than ‘rand()’. Both of functions are known as “pseudo-random number generator” functions or PRNG. The PRNGs are called “pseudo” because digital computers cannot generate true random numbers.