Bitcoin didn’t solve the forkability and finality problems. Blockchain (or more properly hashchain) is a linked list of hashpointers, and since anyone can create a hashpointer pointing to the head of the hashchain - it means anyone can fork it. And indeed Bitcoin was forked multiple times, and the solution to forks was almost always either centralized and/or social.
IMO PBFT consensus algos have niche applications anyway, and are not required for an Electronic Cash implementation, only for decentralized and/or disintermediated Systems-of-Record, but that’s the complete opposite of bearer instruments like electronic cash.
> Yes, they existed a long time ago and aren't wasteful as a way to generate "value".
Can you give me a literature reference for such a result, because this claim surprises me.
Of course Merkle trees existed long before - but they are just "cryptographically signed data structures", and thus don't solve the distributed consensus problem.
Of course eCash existed long before - but it depended on some central authority.
Of course distributed consensus algorithms existed long before - but they depended on the fact that all participants are trustable.
Thus, in my opinion Satoshi Nakamoto indeed made a really important scientific contribution for a quite specific algorithmic problem.
> Of course distributed consensus algorithms existed long before - but they depended on the fact that all participants are trustable.
No. They depended on the fact that all participants were known (in other words, the permissioned setting). Among those known ones, some (less than n/3) could go bonkers, all the way byzantine, and the honest nodes would still be guaranteed to find consensus (with consistency and availability).
That "rube goldberg machine" is what makes social consensus possible in a distributed system where everyone is anonymous and there's no single centralized authority.
Yes, but no. The Rube Goldberg of PoW isn't just for show, it's a protection from Sybil attack (not that it makes the economics of it any less of a disaster).
You cherry picked one thing from the list, and even there made a mistake.
In Bitcoin, PoW is used as a method for leader election of the node composing the list of validated transactions on the ledger (aka block), or even an empty list of transactions (aka Nakamoto-style Consensus).
But without all the Rube Goldbergian nonsense it’s simply an illegal/unlicensed lottery where the participants pay with electricity for the right to earn records on the longest chain (aka UTXO with mining block rewards).
> The Rube Goldberg of PoW isn't just for show, it's a protection from Sybil attack
He cherry-picked PoW.
No, Nakamoto-style consensus is not the same thing as PoW, or even PoW+LCR, not even the same thing as Bitcoin consensus.
Nakamoto-style consensus simply means that we're doing a leader election, and the leader does the transaction validation (aka mining a block in Bitcoin-speak).
The novelty of Nakamoto-style consensus is how we're doing this leader election, i.e. using PoW, PoW+LCR, PoS, PoET, PoA, Proof-of-X, etc.
How could it? PBFT is an algorithm, not a problem to be solved. Bitcoin is byzantine fault tolerant though.
> Bitcoin didn’t solve the forkability and finality problems.
There's no such thing as a "forkability problem" and Bitcoin solves finality through PoW.
> And indeed Bitcoin was forked multiple times, and the solution to forks was almost always either centralized and/or social.
That's wrong. The vast majority of forks are resolved algorithmically. There were only 2 or 3 unintentional hard forks in the early days that were due to bugs. This hasn't happened since 2013.
The only real "social" aspect of Bitcoin is what value people decide to assign to the coins.
I have been in the Bitcoin scene since 2011, I think that I can distinguish LARPing from the real thing. It's not me who created a dichotomy between fiat and crypto, between HODLers/coiners and nocoiners, between Traditional Finance and Crypto Finance, between CeFi and DeFi, between IPOs and ICOs, etc. Crypto always looked like a Pinocchio who wants to become a "real boy".
> "it’s simply an illegal/unlicensed lottery"
Yes, the PoW-based mining is literally called puzzle solving or a lottery. What do you call a game where everyone buys a ticket with electricity, but only one at a time wins a block reward?
> How could it? PBFT is an algorithm, not a problem to be solved. Bitcoin is byzantine fault tolerant though.
OK, BFT (not PBFT algo) is a class of problems with many proposed solutions, but none is good enough if you need scalability. Bitcoin is a partial solution under multiple constraints, even 1/3 of malicious nodes can undermine it. Internet backbone (BGP) should be trusted. Governments should allow it. etc.
> There's no such thing as a "forkability problem" and Bitcoin solves finality through PoW.
The on-chain Bitcoin transactions are never final. Everyone has their own heuristic for how many blocks to count depending on the amount transacted. Protocol only defines how many blocks gamblers (miners) need to wait before they can spend their lottery winnings (block rewards).
> That's wrong. The vast majority of forks are resolved algorithmically. There were only 2 or 3 unintentional hard forks in the early days that were due to bugs. This hasn't happened since 2013.
There were many more than 2-3 both intentional and bugs, but why argue? Even 2-3 hard forks are enough to show that it's bad design. Forks should be impossible by design.
> The only real "social" aspect of Bitcoin is what value people decide to assign to the coins.
IMO there are many more social aspects here beside price discovery of UTXO records and social consensus. Bitcoin core governance, Mining centralization in China. Cypherpunks. LARPing.
> Bitcoin is a partial solution under multiple constraints, even 1/3 of malicious nodes can undermine it. Internet backbone (BGP) should be trusted. Governments should allow it. etc.
This is wrong on multiple counts. Bitcoin's security model does not assume BGP is trustworthy, nor does it rely on government permission. And the claim that 1/3 malicious nodes can undermine it misapplies BFT theory. Bitcoin doesn't use a quorum-based consensus like PBFT, so thresholds like 1/3 aren't the relevant failure mode. Instead, the attack vector is hashrate-based, and even a 51% attack doesn't let you rewrite history arbitrarily, just temporarily reorder recent blocks.
> The on-chain Bitcoin transactions are never final.
This is misleading. Bitcoin finality is probabilistic, like nearly everything in cryptography. It's final in the same sense that cryptographic signatures are unforgeable: with extremely high probability. The six-confirmation rule of thumb reflects the difficulty of deep chain reorgs which have never exceeded two blocks in practice on Bitcoin mainnet.
> There were many more than 2-3 [hard forks]... even 2-3 are enough to show it's bad design.
This conflates implementation bugs with protocol design flaws. The forks were caused by programming errors, not bad design.
> Bitcoin is a lottery.
You could argue that Bitcoin mining is because it's probabilistic and there's a reward. But unlike a lottery, it serves an important role: securing the Bitcoin network.
Honestly, your critique reads more like cope than a technical argument.
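Added example, not part of any post in this thread: the "probabilistic finality" discussed above can be quantified with the attacker catch-up model from section 11 of the Bitcoin whitepaper, where q is the attacker's share of hash power and z is the number of confirmations the recipient waits for. The function names are this example's own.

```cpp
#include <cmath>
#include <cstdio>

// Probability that an attacker holding fraction q of the hash power ever
// catches up after the honest chain has added z blocks on top of a payment.
// Model: Bitcoin whitepaper, section 11 (Poisson-distributed attacker progress
// combined with a gambler's-ruin catch-up probability).
double attacker_success(double q, int z) {
    if (z < 0) z = 0;
    if (q >= 0.5) return 1.0;            // a majority attacker always catches up eventually
    if (q < 0.0) q = 0.0;
    const double p = 1.0 - q;            // honest share of hash power
    const double lambda = z * (q / p);   // expected attacker blocks while honest miners find z
    double result = 1.0;
    for (int k = 0; k <= z; ++k) {
        // Poisson probability that the attacker has found exactly k blocks so far.
        double poisson = std::exp(-lambda);
        for (int i = 1; i <= k; ++i) poisson *= lambda / i;
        // Subtract the cases where the attacker, z - k blocks behind, never catches up.
        result -= poisson * (1.0 - std::pow(q / p, z - k));
    }
    return result;
}

// Smallest number of confirmations for which the reversal probability drops
// below max_risk, or -1 if that is not reached within `limit` blocks
// (always the case when q >= 0.5).
int min_confirmations(double q, double max_risk, int limit = 1000) {
    for (int z = 0; z <= limit; ++z) {
        if (attacker_success(q, z) < max_risk) return z;
    }
    return -1;
}

int main() {
    const double shares[] = {0.10, 0.20, 0.30, 0.40, 0.50};
    std::printf("%6s %14s %22s\n", "q", "P(z=6)", "z for P < 0.1%");
    for (double q : shares) {
        std::printf("%6.2f %14.7f %22d\n",
                    q, attacker_success(q, 6), min_confirmations(q, 0.001));
    }
    return 0;
}
```

In this model the reversal probability never reaches zero for any q above zero, and the wait needed for a fixed risk level grows sharply as q approaches one half.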
> Bitcoin finality is probabilistic, like nearly everything in cryptography.
Yes, Bitcoin finality is probabilistic, and practically good enough after half a day or so (though 20 blocks were rolled back on at least 2 occasions).
However, many things in cryptography are not probabilistic. And in BFT-type consensus, every block is immediately final; the question of finality doesn't even arise (which is why the concept only gained prominence with Nakamoto consensus).
Regarding forks, there was BCH, BSV, etc. - those were not programming errors.
> though 20 blocks were rolled back on at least 2 occasions
Do you mean because of the bugs mentioned earlier or during the normal course of operations? Curious to read more about that.
> Regarding forks, there was BCH, BSV, etc. - those were not programming errors.
That's a different kind of "fork" though and those are arguably not Bitcoin. They're basically just competing cryptocurrencies that happened to use an existing blockchain to get started.
1. 1/3 malicious nodes under some conditions and BGP
This is backed by academic papers. Ask google or ChatGPT. You may argue that these papers are wrong or outdated, but then you need to tell this to the researchers who wrote them, not to me.
2. finality is binary, probabilistic finality is an oxymoron
3. > This conflates implementation bugs with protocol design flaws.
There is no formal spec for Bitcoin, there is a short informal whitepaper and a reference C++ implementation. Anyway the paper is named "Bitcoin: A Peer-to-Peer Electronic Cash System", and for this specific purpose the design is flawed, without regard to bugs.
4. > Bitcoin is a lottery.
Now you're hallucinating quotes I never wrote.
> Honestly, your critique reads more like cope than a technical argument.
Pretty much all your comments here amount to twisting definitions, misapplying technical concepts, and nitpicking in search of "gotchas." Not to mention all the "LARPing" comments. It screams how to cope with having missed out, which, to your credit, you more or less admitted.
>> It took just five hours before a “soft fork” was rolled out
This is the dumb part about today's crypto imo. It is just a type of consensus among humans. People like to say it's "all math" or some fundamental property of nature but that isn't true at all. It is a constant in a text file + people agreeing on its value. I.e. if a sufficient number of people agree that "we're bumping it up to 1 billion now", that is how many there would be. The argument really is how much better is this mechanism than other stores of value? Fiat currency is also a number where some people are given a magic wand to make more of it up on the spot. Gold is something that you either store in your house and hope that it is real or have someone else store it for you (or pretend to store it). Real estate is fine until the city / government decides that you don't own the title anymore. Basically it is a comparison of one absurd mechanism vs other absurd ones but perhaps Bitcoin is less absurd in the final analysis.
Some arbitraries are better than other arbitraries. For bitcoin, you'd need 50% of supply to arbitrarily make decisions which is a pretty high threshold, and for all its faults, there haven't been any egregious soft forks on bitcoin for almost 20 yrs.
That's not how Bitcoin works at all. No amount of the supply (or hashpower) can let you make arbitrary decisions.
Having 50+% of the hashpower could let you double spend by mining on two forks in parallel, but it will never let you change the rules of the protocol, since these are defined on clients run by many people.
In fact that is what happened in the article. Someone realized there was a problem, got everyone to change their clients, and it changed. The first person to notice the bug did not need to hold any Bitcoin at all to make this change.
Right but some number of humans can collectively decide to change literally anything about Bitcoin. It isn't some fundamental constant of nature. The question really is who are the humans that could actually decide this, what are their incentives, what would make them decide to change it? If only you and I are running the original Bitcoin code then it isn't really Bitcoin. "Real" Bitcoin is a function of human decisions and has fundamentally very little to do with the code. Purchasing Bitcoin is simply a decision to trust this group of humans.
I'm disappointed that the article doesn't point out that this is really a nice, round, negative 10 BTC if you work out the overflow (in satoshis).
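Added example, not part of any post in this thread and not Bitcoin's source code: a simplified model of how a signed 64-bit sum of output values can wrap negative and slip past an "inputs cover outputs" check, next to a range-checked version. The output values are constructed for illustration, and the function names and check structure are this example's assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

constexpr int64_t COIN = 100000000LL;             // satoshi per BTC
constexpr int64_t MAX_MONEY = 21000000LL * COIN;  // 21 million BTC supply cap

inline bool money_range(int64_t v) { return v >= 0 && v <= MAX_MONEY; }

// Constructed sample (not the historical transaction): two outputs of roughly
// 92.2 billion BTC each, about 184 billion BTC in total.
std::vector<int64_t> constructed_overflow_outputs() {
    const int64_t big = std::numeric_limits<int64_t>::max() - 499999;  // 2^63 - 500000
    return {big, big};
}

// Models a signed 64-bit running total that wraps silently. The addition is
// done on uint64_t because signed overflow is undefined behaviour in C++; the
// cast back is modular on two's-complement targets (guaranteed since C++20).
int64_t wrapping_sum(const std::vector<int64_t>& outs) {
    uint64_t acc = 0;
    for (int64_t v : outs) acc += static_cast<uint64_t>(v);
    return static_cast<int64_t>(acc);
}

// Weak check: every output is non-negative and the inputs cover the total,
// but nothing bounds an individual output or the total itself.
bool weak_check(int64_t value_in, const std::vector<int64_t>& outs) {
    for (int64_t v : outs) {
        if (v < 0) return false;
    }
    return value_in >= wrapping_sum(outs);  // a wrapped total is negative, so this passes
}

// Hardened check: each output and every partial sum must stay in [0, MAX_MONEY].
// Both operands of the addition are at most MAX_MONEY, so it cannot overflow.
bool hardened_check(int64_t value_in, const std::vector<int64_t>& outs) {
    if (!money_range(value_in)) return false;
    int64_t total = 0;
    for (int64_t v : outs) {
        if (!money_range(v)) return false;
        total += v;
        if (!money_range(total)) return false;
    }
    return value_in >= total;
}

int main() {
    const std::vector<int64_t> outs = constructed_overflow_outputs();
    const int64_t value_in = COIN / 2;  // constructed input of 0.5 BTC
    std::printf("wrapped total (satoshi): %lld\n",
                static_cast<long long>(wrapping_sum(outs)));
    std::printf("weak check accepts:      %s\n", weak_check(value_in, outs) ? "yes" : "no");
    std::printf("hardened check accepts:  %s\n", hardened_check(value_in, outs) ? "yes" : "no");
    return 0;
}
```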
> The rapid implementation of the patch was vital in keeping Bitcoin a viable cryptocurrency. 184 billion Bitcoin would have devalued the currency completely, leaving it at the mercy of the person holding the newly-minted Bitcoin.
It would have become worthless, sure, but I imagine that other people would have also just gone around creating additional batches of 184 billion BTC and driving the project into the ground, rather than letting one person walk off with effectively the entire thing.
Could all the large centralized mining pools (ghash and the like) plus exchanges like coinbase and binance blacklist or burn the 184B BTC? Didn't ethereum do something similar to reverse a $600M "hack" a while ago?
>> That Satoshi himself intervened, and did so so quickly, showed that Bitcoin was not as easily hackable as some might have assumed
I don't know if this is the central takeaway I get from this. Moreso it shows Bitcoin dodged a bullet, in that there was still a central figure or group with enough clout to roll back and fork the chain.
I’m surprised they don’t spend more time talking about the “soft fork” that voided the coins. For all the talk about the immutability of bitcoin transactions, it’s worth mentioning that things were once a lot more fluid.
I think orphaned blocks still happen regularly? Although blockchain.com's graph drops to 0 in August 02017, I think that might just be a bug in their metrics collection.
I think it's US$21.7 trillion? That's now about 15% of the total global money supply.
So, it's good that the transaction was undone, or 15% of our planet would now be owned by some hacker.
(To be real: if they had not undone the transaction immediately, then the price of Bitcoin would have collapsed, and probably that would have been the end of Bitcoin)
Yup, good point. Another flaw along with software and compute that no one seems to pay attention to. When the Bitcoin bubble pops everyone trying to squeeze through a few transactions is going to identify the actual worth of Bitcoin.
Quadrillion, not trillion. ~200 billion * ~100 thousand = ~20 quadrillion. So, about 15,000% of the global money supply. (I had to look it up in case BTC actually lost 99.9% of its value and I just missed the news.)
>(To be real: if they had not undone the transaction immediately, then the price of Bitcoin would have collapsed, and probably that would have been the end of Bitcoin)
Yes, Bitcoin does not have sufficient trade volume, and it was a joke anyway. Bitcoin would probably not have survived even one more month in 2010, if there were 184 billion new "fake" bitcoins added in the mix.
Even ignoring all the problems about the Bitcoin software being proven to be seriously broken, those 184 billion extra bitcoins meant that every other Bitcoin was suddenly worth about $0.0000000000000001
The 184 billion BTC overflow bug is a reminder that even “immutable” code is only as trustworthy as its review process. The real miracle isn’t that a bug happened, but that Satoshi patched it in hours and the network agreed to roll back. Decentralization is great, but consensus is everything
As long as there's a singular entity which leads the changes to the protocol, there's no decentralization.
BTC has occasionally obtained community driven patches by distributed consensus rather than a centralized approach (as recently as 2021 with the Taproot soft fork). When Quantum Computing finally becomes a threat to BTC, there will almost certainly be a distributed consensus to update the protocol again. Now what happened with Ethereum could be argued as not so decentralized since the organization (Ethereum Foundation) has extremely strong political influence over the corporations that support it.
I really hate the “someone will certainly solve this problem!” mentality.
You can’t just magically update the protocol to work around the ability of someone to break elliptic curve cryptography. That's not how this works. It’s not how any of this works.
> You can’t [...] update the protocol to work around the ability of someone to break elliptic curve cryptography
Have you reviewed any of the proposals to do exactly that? https://bitcoinops.org/en/topics/quantum-resistance/
Your critique is valid but outdated. This happened way back in 2010. Satoshi disappeared a long time ago now.
There are still influential people, but none with the authority of Satoshi himself.
Bitcoin (et al) is/are not fully decentralized in the sense that a core development team actively maintains and proposes changes, even minimal ones. While it's true that major updates require broad consensus and may be rejected by nodes if controversial, we should acknowledge that certain points of centralization exist, particularly around development and decision making. These often overlooked aspects now carry more financial consequences, especially as Bitcoin becomes more intertwined with regulated financial instruments and political power.
For example, now, many L2s around Bitcoin are fully depending on, and influencing, a future change: enabling the OP_CAT opcode again [1].
[1] https://github.com/sCrypt-Inc/awesome-op-cat
Bitcoin can be forked, and in fact has been. You didn't mention mining centralization, which is another avenue.
One of the biggest points of failure I can see happening is self hosted node packaged software services like umbrel. Where they are just updating your node for you.
See also, the DAO hack.
What Ethereum did after DAO was way more sinister. At least with the Bitcoin "roll-back" there were no transactions reversed. The miners just got together and started mining from a previous point in the Blockchain, and eventually the new chain had more work done and was validly accepted by even outdated nodes. Ethereum just went ahead and added this to their protocol: "ummm this transaction stands reversed, you don't need to verify signature for this particular transaction". This blot will stay in the protocol for ever.
Yeah that's a great example. I think sometimes people take "code is law" too seriously, when it is clear to me the code is just a deterministic way to form a consensus that works 99% of the time and the other 1% you get forking.
Indeed. Permissionless blockchain is much less of a technological innovation, but more of a governance innovation, specifically an accountability sink, where instead of a named entity (corporation, institution, person) being in charge, you have this amorphous blob in charge that does come together if its interests are affected (this 184 bn Bitcoin bug, the DAO hack, etc.), but otherwise even in the presence of heinous crimes shrugs and says: "who, me? what can I do?"
I don't understand why that's so attractive to so many participants - possibly because the enormous negative externalities of such a thing more often than not don't fall on themselves, but other, more vulnerable people.
(Not always though: when 200 Bitcoin were stolen from ultra-libertarian Bitcoin developer Luke Dashjr, he came crying for help from the bad bad centralized FBI rather quickly...)
Leading doesn't mean coercion. Leadership in decentralization implies consent.
Consent by whom? In most "decentralized governance" projects I've heard about, all you need is for the holders of 51% of the tokens to agree, and the holders of the other 49% have no recourse but to leave.
With Bitcoin, isn't it more about 51% of the compute rather than 51% of the token?
No, that's a completely different thing. Mining power only "decides" about the blocks in the blockchain. 51% is only relevant in the context of taking over the blockchain by 51% attack.
Software versions and updates require social / economic consensus and have nothing to do with mining power. Bitcoin is an open-source protocol / software and everyone can use whichever version they like. But there are also economic incentives to use the most used version and to make sure that it will keep being the most used version, i.e. forks are bad and should be avoided, therefore it's in everyone's interest to reach consensus.
So there are two different places that a coup against bitcoin could occur? Processing and Software.
With something like 45% of processing controlled by entities in Iran, China, and Russia, it seems like an absolute fool's game to put any significant wealth in Bitcoin. All it would take is a significantly effective worm to destroy bitcoin. But hypers gonna hype.
You couldn't pay me to hold a Bitcoin.
It's the same as any currency. If the place you want to spend it only accepts currency y then you must trade for currency y to spend money there.
Since Bitcoin is software anyone can fork it and create a currency y with the same ledger up to the fork but few people do because convincing other people to trade for it without a very strong argument is hard.
What do you think "Iran" can do if they controlled 51% of processing power?
Yes, but I was talking about "decentralized leadership" in all the projects following Bitcoin, which often use 51% of stake instead of 51% of mining capacity, under the social theory that the biggest stakeholders will be the most invested in the outcome of the project.
Those with at least 51% of the sustained hash power can already redefine “Bitcoin” to be whatever they want… At any time whatsoever? (assuming they stay cohesive enough as a bloc)
So this seems like a pointless distinction.
That statement is a bit misleading. The damage an attacker can do through a 51% attack is much more limited than that. It allows an attacker to censor transactions or perform double spends, but it does not allow them to "redefine Bitcoin" (e.g. change consensus rules, arbitrarily reassign coins, etc.).
51% hashing power doesn’t prevent forks. Including forks to 51% of the token systems.
That’s the thing: people think of crypto coins as math, but they’re still a social construct.
Just like the Ethereum fork in 2016 [0]. Before then, the battle cries of the crypto advocates were:
...until someone exploited a code defect and took the founders' money, then they re-wrote history and ignored the hypocrisy.
[0]: https://en.wikipedia.org/wiki/The_DAO
> ...until someone exploited a code defect and took the founders' money, then they re-wrote history and ignored the hypocrisy.
Not everybody agreed - and so the Ethereum Classic blockchain was created, causing all the problems that go hand in hand with having different, forked blockchains:
> https://en.wikipedia.org/wiki/Ethereum_Classic
That's different because in Bitcoin's case there was a clear violation of the specification, of how it is supposed to work. So the bug was fixed to make the software work as it was intended to. If there were two node implementations then one would just stop working until fixed.
In Ethereum's case there was no violation of any specification. In fact there was no bug in the blockchain itself. Just someone took the founder's money, they didn't like it and so they decided to get it back. And note that after that, there were bugs in the nodes' code that were breaking the spec (which you should compare to Bitcoin's bug), but because of multiple node implementations only some of the nodes stopped and so we don't care about those issues.
That's probably more important than worrying about bugs in the code. There will be bugs, the concern is what are the rules for rectifying the damage done by those bugs. Plus, where do I go to appeal if I disagree with the decision?
> ignored the hypocrisy
You don't need to exaggerate so strongly.
Powers gonna power
It’s based on a social consensus only, the rest (Nakamoto Consensus, PoW, longest chain, difficulty adjustment, block halving, artificial limited supply, decentralization, censorship-resistant P2P network, open source, etc.) is a combination of a Rube Goldberg machine & crypto bros LARPing.
I halfway disagree:
There is a huge scientific merit of the algorithms for reaching a distributed consensus when not all participants can be trusted (including the fact that the Bitcoin paper uses game theory to give evidence why malicious entities attempting to create another fork will by the mere design of the algorithms have a hard time).
What is, of course, social consensus are some aspects about what it "socially" means that there exists this concrete consensus in the blockchain. By the design of the protocol and its data structures, there do exist boundaries concerning possible "social interpretations" of this consensus, but a lot of aspects are up to different interpretations.
> There is a huge scientific merit of the algorithms for reaching a distributed consensus when not all participants can be trusted
Not quite. Distributed consensus had been solved in the 1980's theoretically and the 1990's practically, even in the presence of byzantine nodes. What Nakamoto consensus was first in was to extend this to the permissionless setting (at enormous expense & inefficiency, and with no benefits, in my view; though enabling large scale rule breaking or "censorship resistance", which some see as a benefit).
Bitcoin is the OG Birkin Handbag. Valuable for the story. People compete to own a bit of it for that. You can create your own Bitcoin clone and own all of it! But no story, no value.
> You can create your own Bitcoin clone and own all of it!
That is what I wrote:
> What is, of course, social consensus are some aspects about what it "socially" means that there exists this concrete consensus in the blockchain.
In your private Bitcoin clone, such a consensus has a "socially much more boring" interpretation.
Nakamoto Consensus didn’t solve a secure scalable PBFT (Practical Byzantine Fault Tolerant) Consensus.
Bitcoin didn’t solve the forkability and finality problems. Blockchain (or more properly hashchain) is a linked list of hashpointers, and since anyone can create a hashpointer pointing to the head of the hashchain - it means anyone can fork it. And indeed Bitcoin was forked multiple times, and the solution to forks was almost always either centralized and/or social.
IMO PBFT consensus algos have niche applications anyway, and are not required for an Electronic Cash implementation, only for decentralized and/or disintermediated Systems-of-Record, but that’s the complete opposite of bearer instruments like electronic cash.
> There is a huge scientific merit of the algorithms for reaching a distributed consensus when not all participants can be trusted
Yes, they existed a long time ago and aren't wasteful as a way to generate "value".
> Yes, they existed a long time ago and aren't wasteful as a way to generate "value".
Can you give me a literature reference for such a result, because this claim surprises me.
Of course Merkle trees existed long before - but they are just "cryptographically signed data structures", and thus don't solve the distributed consensus problem.
Of course eCash existed long before - but it depended on some central authority.
Of course distributed consensus algorithms existed long before - but they depended on the fact that all participants are trustable.
Thus, in my opinion Satoshi Nakamoto indeed made a really important scientific contribution for a quite specific algorithmic problem.
> Of course distributed consensus algorithms existed long before - but they depended on the fact that all participants are trustable.
No. They depended on the fact that all participants were known (in other words, the permissioned setting). Among those known ones, some (less than n/3) could go bonkers, all the way byzantine, and the honest nodes would still be guaranteed to find consensus (with consistency and availability).
That "rube goldberg machine" is what makes social consensus possible in a distributed system where everyone is anonymous and there's no single centralized authority.
Yes, but no. The Rube Goldberg of PoW isn't just for show, it's a protection from Sybil attack (not that it makes the economics of it any less of a disaster).
You cherry picked one thing from the list, and even there made a mistake.
In Bitcoin, PoW is used as a method for leader election of the node composing the list of validated transactions on the ledger (aka block), or even an empty list of transactions (aka Nakamoto-style Consensus).
But without all the Rube Goldbergian nonsense it’s simply an illegal/unlicensed lottery where the participants pay with electricity for the right to earn records on the longest chain (aka UTXO with mining block rewards).
> You cherry picked one thing from the list, and even there made a mistake.
Not quite. Nakamoto consensus is PoW + LCR, and the PoW part is for Sybil resistance, and the LCR part is for consensus.
he wrote
> The Rube Goldberg of PoW isn't just for show, it's a protection from Sybil attack
he cherry picked PoW
no, Nakamoto-style consensus is not the same thing as PoW, or even PoW+LCR, not even the same thing as Bitcoin consensus.
Nakamoto-style consensus simply means that we're doing a leader election, and the leader does the transaction validation (aka mining a block in Bitcoin-speak).
The novelty of Nakamoto-style consensus is how we're doing this leader election, i.e. using PoW, PoW+LCR, PoS, PoET, PoA, Proof-of-X, etc.
Seems someone missed the boat...
Nocoiners cannot understand Bitcoin?
Some do and have reasonable criticism, but you are just mixing up concepts and sound pretty bitter - hence my assumption.
show me at least one so-called "bitter" example from my posts
I have been researching crypto for over a decade. And I would be glad if I was corrected if I was wrong, instead of receiving personal remarks
> Show a single so called “bitter” example from my posts
"crypto bros LARPing". "it’s simply an illegal/unlicensed lottery"
> And I would be happy to be corrected if I made a mistake, instead of getting personal remarks.
Sure.
> Nakamoto Consensus didn’t solve a secure scalable PBFT (Practical Byzantine Fault Tolerant) Consensus.
How could it? PBFT is an algorithm, not a problem to be solved. Bitcoin is byzantine fault tolerant though.
> Bitcoin didn’t solve the forkability and finality problems.
There's no such thing as a "forkability problem" and Bitcoin solves finality through PoW.
> And indeed Bitcoin was forked multiple times, and the solution to forks was almost always either centralized and/or social.
That's wrong. The vast majority of forks are resolved algorithmically. There were only 2 or 3 unintentional hard forks in the early days that were due to bugs. This hasn't happened since 2013.
The only real "social" aspect of Bitcoin is what value people decide to assign to the coins.
> "crypto bros LARPing"
I have been in the Bitcoin scene since 2011, I think that I can distinguish LARPing from the real thing. It's not me who created a dichotomy between fiat and crypto, between HODLers/coiners and nocoiners, between Traditional Finance and Crypto Finance, between CeFi and DeFi, between IPOs and ICOs, etc. Crypto always looked like a Pinocchio who wants to become a "real boy".
> "it’s simply an illegal/unlicensed lottery"
Yes, PoW-based mining is literally called puzzle solving or a lottery. What do you call a game where everyone buys a ticket with electricity, but only one at a time wins a block reward?
> How could it? PBFT is an algorithm, not a problem to be solved. Bitcoin is byzantine fault tolerant though.
OK, BFT (not PBFT algo) is a class of problems with many proposed solutions, but none is good enough if you need scalability. Bitcoin is a partial solution under multiple constraints, even 1/3 of malicious nodes can undermine it. Internet backbone (BGP) should be trusted. Governments should allow it. etc.
> There's no such thing as a "forkability problem" and Bitcoin solves finality through PoW.
The on-chain Bitcoin transactions are never final. Everyone has their own heuristic for how many blocks to count depending on the amount transacted. The protocol only defines how many blocks gamblers (miners) need to wait before they can spend their lottery winnings (block rewards).
> That's wrong. The vast majority of forks are resolved algorithmically. There were only 2 or 3 unintentional hard forks in the early days that were due to bugs. This hasn't happened since 2013.
There were many more than 2-3 both intentional and bugs, but why argue? Even 2-3 hard forks are enough to show that it's bad design. Forks should be impossible by design.
> The only real "social" aspect of Bitcoin is what value people decide to assign to the coins.
IMO there are many more social aspects here beside price discovery of UTXO records and social consensus. Bitcoin core governance, Mining centralization in China. Cypherpunks. LARPing.
> Bitcoin is a partial solution under multiple constraints, even 1/3 of malicious nodes can undermine it. Internet backbone (BGP) should be trusted. Governments should allow it. etc.
This is wrong on multiple counts. Bitcoin's security model does not assume BGP is trustworthy, nor does it rely on government permission. And the claim that 1/3 malicious nodes can undermine it misapplies BFT theory. Bitcoin doesn't use a quorum-based consensus like PBFT, so thresholds like 1/3 aren't the relevant failure mode. Instead, the attack vector is hashrate-based, and even a 51% attack doesn't let you rewrite history arbitrarily, just temporarily reorder recent blocks.
> The on-chain Bitcoin transactions are never final.
This is misleading. Bitcoin finality is probabilistic, like nearly everything in cryptography. It's final in the same sense that cryptographic signatures are unforgeable: with extremely high probability. The six-confirmation rule of thumb reflects the difficulty of deep chain reorgs which have never exceeded two blocks in practice on Bitcoin mainnet.
> There were many more than 2-3 [hard forks]... even 2-3 are enough to show it's bad design.
This conflates implementation bugs with protocol design flaws. The forks were caused by programming errors, not bad design.
> Bitcoin is a lottery.
You could argue that Bitcoin mining is because it is probabilistic and there's a reward. But unlike a lottery, it serves an important role: securing the Bitcoin network.
Honestly, your critique reads more like cope than a technical argument.
> Bitcoin finality is probabilistic, like nearly everything in cryptography.
Yes, Bitcoin finality is probabilistic, and practically good enough after half a day or so (though 20 blocks were rolled back on at least 2 occasions).
However, many things in cryptography are not probabilistic. And in BFT-type consensus, every block is immediately final; the question of finality doesn't even arise (which is why the concept only gained prominence with Nakamoto consensus).
Regarding forks, there was BCH, BSV, etc. - those were not programming errors.
> though 20 blocks were rolled back on at least 2 occasions
Do you mean because of the bugs mentioned earlier or during the normal course of operations? Curious to read more about that.
> Regarding forks, there was BCH, BSV, etc. - those were not programming errors.
That's a different kind of "fork" though and those are arguably not Bitcoin. They're basically just competing cryptocurrencies that happened to use an existing blockchain to get started.
> those are arguably not Bitcoin
Q.E.D.
You proved it’s a social consensus
Naming things is, indeed. The protocol is not.
Incredibly pedantic, no less when this whole thing started with "seems like someone missed the boat"
1. 1/3 malicious nodes under some conditions and BGP
This is backed by academic papers. Ask Google or ChatGPT. You may argue that these papers are wrong or outdated, but then you need to tell this to the researchers who wrote them, not to me.
2. finality is binary, probabilistic finality is an oxymoron
3. > This conflates implementation bugs with protocol design flaws.
There is no formal spec for Bitcoin, there is a short informal whitepaper and a reference C++ implementation. Anyway, the paper is named "Bitcoin: A Peer-to-Peer Electronic Cash System", and for this specific purpose the design is flawed, without regard to bugs.
4. > Bitcoin is a lottery.
Now you're hallucinating quotes I never wrote.
> Honestly, your critique reads more like cope than a technical argument.
can you show a specific example of the "cope"?
> can you show a specific example of the "cope"?
Pretty much all your comments here amount to twisting definitions, misapplying technical concepts, and nitpicking in search of "gotchas." Not to mention all the "LARPing" comments. It screams how to cope with having missed out, which, to your credit, you more or less admitted.
Saying everything is X is like saying nothing is X
So, you think that if I had BTC, it would’ve magically changed my views on how Bitcoin consensus works?
BTW: I think Scrum/Agile is also LARPing, do you think if I get a Scrum Master certification it will change my views on Scrum?
>> It took just five hours before a “soft fork” was rolled out
This is the dumb part about today's crypto imo. It is just a type of consensus among humans. People like to say it's "all math" or some fundamental property of nature but that isn't true at all. It is a constant in a text file + people agreeing on its value. I.e. if a sufficient number of people agree that "we're bumping it up to 1 billion now", that is how many there would be. The argument really is how much better is this mechanism than other stores of value? Fiat currency is also a number where some people are given a magic wand to make more of it up on the spot. Gold is something that you either store in your house and hope that it is real or have someone else store it for you (or pretend to store it). Real estate is fine until the city / government decides that you don't own the title anymore. Basically it is a comparison of one absurd mechanism vs other absurd ones but perhaps Bitcoin is less absurd in the final analysis.
Some arbitraries are better than other arbitraries. For bitcoin, you'd need 50% of supply to arbitrarily make decisions which is a pretty high threshold, and for all its faults, there haven't been any egregious soft forks on bitcoin for almost 20 yrs.
That's not how Bitcoin works at all. No amount of the supply (or hashpower) can let you make arbitrary decisions.
Having 50+% of the hashpower could let you double spend by mining on two forks in parallel, but it will never let you change the rules of the protocol, since these are defined on clients run by many people.
In fact that is what happened in the article. Someone realized there was a problem, got everyone to change their clients, and it changed. The first person to notice the bug did not need to hold any Bitcoin at all to make this change.
Right but some number of humans can collectively decide to change literally anything about Bitcoin. It isn't some fundamental constant of nature. The question really is who are the humans that could actually decide this, what are their incentives, what would make them decide to change it? If only you and I are running the original Bitcoin code then it isn't really Bitcoin. "Real" Bitcoin is a function of human decisions and has fundamentally very little to do with the code. Purchasing Bitcoin is simply a decision to trust this group of humans.
>"egregious soft forks on bitcoin for almost 20 yrs."
What?? Are we just going to forget about BTC, BCH and BSV? Same thing happened with Ethereum too - with Ethereum (ETH) and Ethereum Classic (ETC).
I'm disappointed that the article doesn't point out that this is really a nice, round, negative 10 BTC if you work out the overflow (in satoshis).
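The overflow this thread keeps returning to, as an added example (not code from the article, the commenters, or Bitcoin itself): a value check that trusts a wrapped 64-bit output total accepts two huge outputs, while per-output and running-total range checks reject them. The output amounts are constructed so that they total roughly 184 billion BTC, and all function names are hypothetical.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COIN      100000000LL           /* satoshis per BTC */
#define MAX_MONEY (21000000LL * COIN)   /* 21 million BTC supply cap, in satoshis */

/* Sum output values the way a 64-bit total behaves when it wraps.
 * Done in unsigned arithmetic so the wrap-around is well defined in C;
 * the final cast reinterprets the bits as signed (GCC/Clang behaviour). */
int64_t naive_total(const int64_t *out, size_t n) {
    uint64_t sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += (uint64_t)out[i];
    return (int64_t)sum;
}

/* Flawed check: only compares the (possibly wrapped) total to the inputs. */
bool naive_accepts(int64_t in_total, const int64_t *out, size_t n) {
    return naive_total(out, n) <= in_total;
}

static bool money_range(int64_t v) { return v >= 0 && v <= MAX_MONEY; }

/* Hardened check: every output and the running total must stay within
 * [0, MAX_MONEY]. Because both operands are at most MAX_MONEY, the
 * addition itself can never overflow an int64_t. */
bool checked_accepts(int64_t in_total, const int64_t *out, size_t n) {
    int64_t sum = 0;
    if (!money_range(in_total)) return false;
    for (size_t i = 0; i < n; i++) {
        if (!money_range(out[i])) return false;
        sum += out[i];
        if (!money_range(sum)) return false;
    }
    return sum <= in_total;
}

int main(void) {
    /* Constructed sample: two outputs just below INT64_MAX satoshis each,
     * about 92.2 billion BTC apiece, spent from a 0.5 BTC input. */
    int64_t big = INT64_MAX - 500000;
    int64_t outs[2] = { big, big };
    int64_t in_total = COIN / 2;

    printf("wrapped total: %" PRId64 " satoshi\n", naive_total(outs, 2));
    printf("naive check accepts:   %d\n", naive_accepts(in_total, outs, 2));
    printf("checked check accepts: %d\n", checked_accepts(in_total, outs, 2));
    return 0;
}
```
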
> The rapid implementation of the patch was vital in keeping Bitcoin a viable cryptocurrency. 184 billion Bitcoin would have devalued the currency completely, leaving it at the mercy of the person holding the newly-minted Bitcoin.
It would have become worthless, sure, but I imagine that other people would have also just gone around creating additional batches of 184 billion BTC and driving the project into the ground, rather than letting one person walk off with effectively the entire thing.
Could all the large centralized mining pools (ghash and the like) plus exchanges like coinbase and binance blacklist or burn the 184B BTC? Didn't ethereum do something similar to reverse a $600M "hack" a while ago?
What they actually did sounds a lot easier to me.
>> That Satoshi himself intervened, and did so so quickly, showed that Bitcoin was not as easily hackable as some might have assumed
I don't know if this is the central takeaway I get from this. Moreso it shows Bitcoin dodged a bullet, in that there was still a central figure or group with enough clout to roll back and fork the chain.
I’m surprised they don’t spend more time talking about the “soft fork” that voided the coins. For all the talk about the immutability of bitcoin transactions, it’s worth mentioning that things were once a lot more fluid.
I think orphaned blocks still happen regularly? Although blockchain.com's graph drops to 0 in August 02017, I think that might just be a bug in their metrics collection.
At today’s price that’s … like … err more zeros than I’ve got fingers
I think it's US$21.7 trillion? That's now about 15% of the total global money supply.
So, it's good that the transaction was undone, or 15% of our planet would now be owned by some hacker.
(To be real: if they had not undone the transaction immediately, then the price of Bitcoin would have collapsed, and probably that would have been the end of Bitcoin)
At a certain scale, face value is meaningless and all that matters is liquidity.
$21tn in bitcoin isn't going to get you any more money than $1tn would.
Yup, good point. Another flaw along with software and compute that no one seems to pay attention to. When the Bitcoin bubble pops everyone trying to squeeze through a few transactions is going to identify the actual worth of Bitcoin.
(And maybe that wouldn't have been so bad)
Quadrillion, not trillion. ~200 billion * ~100 thousand = ~20 quadrillion. So, about 15,000% of the global money supply. (I had to look it up in case BTC actually lost 99.9% of its value and I just missed the news.)
The price of Bitcoin would be way different if that much of it existed
If code is the law, hackers will rule the world
I've never come across this quote. It is useful, thank you!
>15% of our planet would now be owned by some hacker
why? It's not like btc has anywhere near the trade volume for 15% of global money supply.
>(To be real: if they had not undone the transaction immediately, then the price of Bitcoin would have collapsed, and probably that would have been the end of Bitcoin)
Yes, Bitcoin does not have sufficient trade volume, and it was a joke anyway. Bitcoin would probably not have survived even one more month in 2010, if there were 184 billion new "fake" bitcoins added in the mix.
Even ignoring all the problems about the Bitcoin software being proven to be seriously broken, those 184 billion extra bitcoins meant that every other Bitcoin was suddenly worth about $0.0000000000000001
apologies, the joke went over my head