Over 19000 BCH was sent by mistake, and nearly half have been stolen. This problem is annoying for miners.

Original author: Antoine Le Calvez and Coin Metrics team

"I thought about it for a long time. Would you like to write about it here. Although I am doing it now, I will doubt whether this behavior is correct.

Suppose there is a casino with a jackpot of $ 500,000. To be successful, you need to bet about $ 15,000, and the probability of winning a bet is about 60%. The problem is, there must be more people who know the jackpot. What would you do in a similar situation? " On November 20, 2017, a Russian Bitcointalk user was thinking about an interesting question, which also meant an opportunity for him.

To understand it, we must go back in time.

Just a few weeks before the posting of this post, two key events took place: On August 1, Bitcoin Cash (BCH) was forked from Bitcoin (BTC), and then on August 24, Bitcoin started The most important upgrade over the years: SegWit.

After this fork, two assets that created almost everything were created. Importantly, both networks support a special type of address P2SH (pay-to-script hash) that starts with "3". These addresses allow the use of complex scripts (such as multi-signature schemes). The script associated with the P2SH address is only known when the address is "spent from": that is, when someone sends a BTC or BCH to a P2SH address that has never been used, it is impossible to know what script it uses.

SegWit, among many other changes, added a special type of P2SH address: nested SegWit . They look like ordinary P2SH addresses, but their spending script uses isolation witness. It provides users with a simple, backward compatible way.

Over time, some users incorrectly sent BCH to this type of nested segregated witness address . Since Bitcoin Cash (BCH) does not implement SegWit, the scripts of these addresses fall back to a state similar to that anyone can use the funds in these addresses ( no signature is required, you only need to know these scripts ). Therefore, these BCHs that send errors are actually in the state of "whoever comes first will get the bonus", which is also called the jackpot.

p1

The above figures are only the minimum estimates of the erroneous loss of BCH. When the script used by the address is revealed, we can only detect if the address uses a nested segregated witness. Over time, more and more addresses can be detected, which makes the relevant numbers larger.

However, here is a small tip: Only miners can get these jackpots . This is because transactions must follow consensus rules (Wushuanghua, etc.), and they must also obey another set of rules to be forwarded by nodes: standardized rules, which are designed to avoid denial of service attacks using large or very complex transactions. Bitcoin has a small number of standard scripts that relay from one node to another. Non-standard scripts can be accepted as part of the mined block, but these non-standard scripts will not relay from one node to another.

The Bitcoin Cash (BCH) nested segregated witness address spending transaction violates one of these standard rules (to be precise, the cleanstack rule ), so it will not be relayed; only direct participation by miners can effectively mine, so Only miners or users who have a close relationship with miners can spend BCH in nested segregated witness addresses, while ordinary users cannot .

With this knowledge, we can decipher the opportunities mentioned by the Russian Bitcointalk users mentioned above:

  1. $ 500,000 jackpot : When this user posted, slightly more than 400 BCH (then valued at about $ 500,000) was sent to the nested segregated witness address on BCH, and these coins could only be claimed by miners;
  2. $ 15,000 bet : This is the cost of renting a 1/144 ratio of BCH network for one day;
  3. 60% chance of payment : 1/144 hash rate, the probability of digging a block in one day is about 63%;

If he can dig a block, he can claim the jackpot for himself, so he posted:

"I need to mine a block, but all the mining pools are in China, and the managers of these mining pools do not have my friends."

Over time, more than 19,000 BCH were sent to the nested segregated witness address.

And next, we will look at the fate of these erroneously sent BCHs.

First resume transaction

On September 10, 2017, Reddit user / u / btctroubadour noticed a worrying pattern of events: Many Trezor users would send BCH to a nested segregated witness address . He suggested setting up a recovery service run by the miners, and then collecting these lost BCHs and returning them to the users who lost the coins (the service fee needs to be reduced). As usual, the discussion quickly degenerates into endless debates and attacks without any results.

However, several people noticed and started thinking about it. In addition, over time, the scale of bounty generated by this problem has continued to grow.

Around this time, our Russian Bitcointalk user may have noticed the problem and started looking for a miner who can assist him.

A week later, he found that no existing mining pool was willing to be included in his transaction, so he posted on the Bitcointalk forum. He wanted to know if he could create a temporary mining pool on BCH, in order to dig a block.

On November 14, 2017, I explained the problem on Twitter and calculated the bonus that was available at the time: 478 BCH (then valued at about $ 644,000).

Two days later, on November 16, the first resumption transaction occurred: BTC.com mining pool restored 100.7 BCH that the user sent to the nested segregated witness address by mistake .

A white hat hacker appears

On November 21, 2017, the "dream" of the Russian Bitcointalk user was broken. An anonymous Reddit user (/ u / bchsegwitrecover) restored 493.5 BCH (about $ 600,000 at the time) and planned to charge a 30% fee They are then returned to the affected users. (The problem is that the user must submit a claim application before December 6, 2017)

The block containing this recovery transaction also includes the second 12.64 BCH recovery operation sent to the Nested Segregated Witness address. However, this recovery is special because the scripts needed to recover BCH have never been made public on the Bitcoin blockchain. Therefore, it is necessary to communicate directly with the miners to prevent the lost BCH from being "claimed" by those who are unwilling to return it.

The 12.64 BCH that was sent to the same address as the previously restored 100.7 BCH may be related to BitGo.

After November 28th, / u / bchsegwitrever decided to waive 30% of the processing fee and return the fees already collected.

By tracking payments, we estimate that / u / bchsegwitrever returned 7 coin losers for a total of 75.59 BCH (including handling fees). Interestingly, one user apparently successfully negotiated the fee to 15% (however, he was compensated like all other users).

p2

For BCHs that are not claimed before the deadline, their fate is even more vague, because these funds have undergone a divestiture chain operation (in many transactions, a large amount of funds have been stripped into many small denominations), making the tracking of where funds go Even more difficult.

Two days after / u / bchsegwitrever posted the news, BTC.com launched a recovery service (with a 10% fee), fulfilling the vision of / u / btctroubadour a few months ago.

BTC.com Recovery Services

The launch of the BTC.com recovery service has created a new era for these lost BCH. Now, public mining pools will mine BCH transactions that are lost by mistake.

Using BTC.com's tag for BCH miners, we tracked the amount of BCH recovered in each mining pool:

p3

Follow BTC.com's resumed transactions and we can find interesting things. The 10% service fee it charges always seems to be sent to the same address, which allows us to determine the revenue that the mining pool gets from it: 368.03 BCH.

Savvy readers will notice that their 368.03 BCH income and recovery amount of 5,779.30 BCH, as well as the 10% handling fee given, are inconsistent. We found that BTC.com charged a lower fee for 12 transactions, of which 5 transactions amounted to more than 100 BCH, and their fees were fixed at 10 BCH. This indicates that at a certain point in time, BTC.com decided to set the upper limit of its fees to 10 BCH.

BCH hard fork

BCH has a hard fork policy, which is conducted twice a year, on May 15 and November 15.

Two of these forks are related to the recovery of segregated witness:

  1. On November 15, 2018, the new "cleanstack" consensus rule was changed , making the segregated witness recovery transaction completely invalid;
  2. On May 15, 2019 (next hard fork), this new consensus rule was partially rolled back to allow only segregated witness recovery transactions ;

One consequence is that in six months, it is impossible to recover the segregated witness funds. As shown in the figure, a large amount of BCH losses accumulated on the May 15 fork and became spendable.

p4

These accumulated funds are theoretically anyone can spend (approximately 4,000 BCH, which was valued at about $ 1.6 million at the time), thus creating a bounty that attracts malicious people.

According to the analysis of BitMEX Research Institute, after the hard fork, some problems occurred, which led to various chain splits. One problem is that miners produce empty blocks. Just after this vulnerability was fixed, a miner named "fake unknown" claimed the "BCH bounty" in the nested segregated witness address. According to a Chinese user "" BCH Bruce "" on WeChat, the incident said:

"After discovering this situation, the BCH miners urgently took a large amount of computing power from the BTC network, carried out the chain reorganization of the two blocks, voided the 'fake unknown' mining pool transaction, and returned the lost BCH to The original owner. "

The "fake unknown" miner claimed that the BCH that was accidentally lost was indeed isolated by other miners.

Mining pools that intentionally isolate other valid blocks are very rare. In fact, it prevents many innocent users from losing access to their lost BCH, and this incident can be compared to another incident that happened to BTC a week ago: Binance lost 7000 BTC in a hacker attack, It hoped to roll back the transaction through restructuring. However, this plan was quickly rejected.

In a subsequent block, BTC.TOP used a new technology to recover 3800 BCH from the nested segregated witness address. They do not have to wait for the owner to come forward and verify whether they control the relevant lost coin address. Instead, they use the information in the nested segregated witness script to design a non-SegWit address. Only the holder of the original address can use this address. This way, they can let users control their lost BCH without having to contact them.

However, BTC.TOP did not recover all claimable BCHs. After they recovered 10 blocks after 3800 BCH, the "fake unknown" miner took 216 accidentally lost BCHs, and their fate is unknown. .

in conclusion

Using all the above information, we can trace to a certain extent the fate of half lost BCH by mistake:

p5

We need to be aware that these open-miners, who are models of virtue, return most of the BCH they recovered to their original holders. However, the fate of about half of the lost coins is still uncertain.

They have been "restored" into blocks that are not associated with any known mining pool. Since mid-2018, this "unknown" mining entity has been working to obtain most of the lost BCH (except for bounties after May 15th).

p6

And such games continue. As is often the case with blockchain archeology, solving one problem leads to another . No matter where it leads, we will continue to follow this story and look forward to revealing more blockchain mysteries.