A hacker has stolen 235 million Pigeoncoin (PGN) tokens through a Bitcoin protocol bug.
The attack on the cryptocurrency’s source code is said to be $15,000, that is PGN priced at $0.000065.
Pigeoncoin $15,000 Hack Proves Bitcoin-Fixed Bug Allows for 51% And Double-Spend Attacks
A bug in the Bitcoin code, CVE-2018-17144, which was fixed on September 19 was a serious hazard to the Bitcoin network. The vulnerability could have allowed a hacker to create a situation called a “51% attack” and initiate a double-spend attack. Digital currencies based on Bitcoin’s code would naturally become easy targets for attackers if no fix were to be applied to their own code, according to Cornell University professor and cryptocurrency expert.
“Copycat currencies are at risk. By definition, there’s always a group upstream that knows their vulnerabilities.”
Pigeoncoin (PGN) is a copycat currency when it comes to the source code and developers didn’t integrate the upstream fix for the CVE-2018-17144 Bitcoin bug in due time. The delay cost the PGN network 235 million PGN coins, which is more than 25 percent of the cryptocurrency’s circulating supply of 923 million PGN.
The Pigeoncoin hack took place on September 27 with the crashing of its nodes and a double-spending attack which resulted in the creation of 235 million PGN. The total circulating supply of Pigeoncoin will now surpass 1 billion PGN as the outcome of the criminal event. The digital currency’s market cap ranges between $60,000 and $120,000.
Developers patched the bug the very next day but it was too late. Trading resumed on October 2. Besides Bitcoin, whose developers fixed the bug on September 19, a number of large digital currencies are based in the same source code. Their communities, however, were quick to apply the CVE-2018-17144 patch. Other low-volume coins with less dynamic networks may also be vulnerable to the same hack.
While the flaw was quickly handled by Bitcoin Core developers and most large cryptocurrencies, its exploit could have led to a disaster if it made it to production release, such as what was observed with Pigeoncoin. The entire network could have been easily crushed with a 51 percent attack followed by a double-spending attack.
At the time of the fix on September 19, Emin Gün Sirer told Vice that the entire network could have been brought down for less than $80,000. “That is less money than what a lot of entities would pay for a 0-day attack on many systems. There are many motivated people like this, and they could have brought the network down.” The bug was considered to be one of the top 3 flaws ever found on the Bitcoin source code.