This is the story about 184 billion bitcoin – how they were created, why this was possible, and where they went.

Variables

In computer programming, there exists the concept of variables. A variable is like a “box” into which you can save a certain value.

There are special boxes which save letters, special boxes which save numbers, special boxes which save decimal numbers, etc. For example:

var a = 5

a is an integer variable, just like x in mathematical equations from school. Integer means it's only able to save whole numbers.

Fun fact: variables which store letters, numbers, and other characters as text are called “strings” or “text”, those that store decimal numbers are called “float” (from floating point), those that store truth (true or false) are called “Boolean” after George Boole, etc. There are many different types and they depend on the programming language being used.

To simplify, when storing a number into an integer, the maximum value we can store is limited by memory capacity in the computer. For example, in 64 bit computers (most modern computers), the maximum integer is 9,223,372,036,854,775,807 while the minimum is -9,223,372,036,854,775,808. Yes, that's nine million trillion in both directions: positive and negative.


For those who want to know more (feel free to skip)

How bits work for storing numbers:

Computers can only store information in binary format: with ones or zeroes. For example, 0101 is a 4-bit number and is turned into decimal like so: 0*8 + 1*4 + 0*2 + 1*1 = 5. We multiply each digit starting from the rightmost one with 2^x where x is the position of the bit starting with 0, and doubling each future digit's value: 0, 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1028…

Example:

01000101001001 =
= 0*2^13 + 1*2^12 + 0*2^11 + 0*2^10 + 0*2^9 + 1*2^8 + 0*2^7 + 1*2^6 + 0*2^5 + 0*2^4 + 1*2^3 + 0*2^2 + 0*2^1 + 1*2^0
= 0*8192 + 1*4096 + 0*2048 + 0*1024 + 0*512 + 1*256 + 0*128 + 1*64 + 0*32 + 0*16 + 1*8 + 0*4 + 0*2 + 1*1
= 4096 + 256 + 64 + 8 + 1
= 4425

With 64 bit numbers, we have 64 bits:

0000000000000000000000000000000000000000000000000000000000000000

Each of those zeroes can be 1, and the same formula as above applies for turning the number into a decimal one. The leftmost bit is there for the “sign”: +/-. It indicates a positive or negative number.


If we take into account that the balance of a Bitcoin address cannot be negative (you can either have or not have bitcoin), we can use an unsigned integer which means the leftmost bit is not used for the +/- sign but for an extra value bit. This doubles the maximum integer to 18,446,744,073,709,551,615 (eighteen million trillion). Trying to store a number bigger by even just 1 would cause an integer overflow. Imagine a car's odometer:

Odometer

Once it reaches 999999, another kilometer won't set it to 1000000 because there's no room to show that number. It'll go back to 000000. The exact same thing happens with numbers in computers – once they surpass the maximum integer value, they overflow and reset to 0.

Bitcoin and integers

Bitcoin (currently) has 8 decimal points. The smallest Bitcoin fragment is called a Satoshi. The word bitcoin is actually there only “pro forma” – when you have 1 BTC you actually have 100 million Satoshi. The theoretical maximum number of bitcoin is 21 million, so 2,100,000,000,000,000 (two quadrillion one hundred trillion) Satoshi.

If we cut off the last 8 digits from the maximum integer that can be stored (18,446,744,073,709,551,615) so it matches Bitcoin's protocol, we get: 184,467,440,737.09551615.

Numbers

In other words, because of its decimal points the biggest possible value in the Bitcoin protocol is actually a little over 184 billion instead of the full eighteen million trillion.

But what's the point of all these confusing abstract numbers anyway?

184 Billion Bitcoin

When sending Bitcoin, we tell the wallet software “send this much btc from this address to this address”. But in 2010, the software had a critical bug.

When sending BTC from addresses to addresses (in Bitcoin it's actually possible to send from multiple addresses to multiple addresses), the software was checking for total input values and total output values, but not the things that happen in between.

During one such transaction, the perpetrator gave the program the following instructions (simplified for easier understanding):

  • from my address which has 50.51 BTC
  • send 92233720368.54277039 to address A
  • send 92233720368.54277039 to address B
  • send 50.51 BTC to address C

The sum of the A and B transactions was 184,467,440,737.08554000. That's exactly 997615 Satoshi away from the maximum. Other amounts in the transaction combined with this number caused an integer overflow and the total amount fell to just 50.51 BTC that's due for sending.

Summation :(

The software only looked at inputs and outputs:

  • I have 50.51 coming in
  • I have 50.51 coming out
  • the output is less than or equal to input, therefore it is valid

(in the beginning the transaction fees were optional and trivial)

Address A and address B each got 184 billion completely valid bitcoin, even though at the time there were only around 1.5 million in circulation.

Solution

Satoshi, Theymos, Jeff Garzik, and others who noticed this weird transaction quickly started thinking about solutions out loud. In the span of a few hours a patch was written for the code to fix this issue for future transactions, along with a proposal to roll back and undo the transaction that occurred. This patch was added to the Bitcoin Core software – the node which signs and sends transactions. A suggestion was made in the forum: have everyone stop processing transactions until the fix is in place, and ignore the block that processed this transaction and all the blocks after it. “Time travel” into a time before this happened.

Time travel

There was even some concern about Bitcoin being too decentralized to have the information reach everyone in time, but luckily the ecosystem was young enough for this to still be possible. Everything went smoothly and the hack was undone.

Ideology

You'll often hear maximalists say that Ethereum is centralized around Vitalik or that it's not a real blockchain because of the 2016. DAO hack in which 3 million ether were stolen – 15% of all ether back then. The problem was resolved in exactly the same way: a hard fork which reverted the state and refunded people their investments.

That move caused a contentious fork to form: Ethereum Classic. ETC followers rightfully claimed that rolling the heist back is against the concept of an immutable ledger and a blockchain, and decided to break off from the majority (80%).

Whether or not fighting the bad guy this way was a good decision is up for discussion, but it's important to wonder – if BTC had been as popular and widespread as Ethereum at the time of its incident, would a Bitcoin Classic have happened? Are maximalists right in their judging of Ethereum just because of this difference in popularity? And if so, where's the line a system needs to cross before becoming too popular to change?

Something worth thinking about.

Think...

I personally feel like it's better to fork because of such incidents than for dividends and “free money” as is happening in Bitcoin almost every week now: Bitcoin Gold, Bitcoin Diamond, Bitcoin Segwit2…

Conclusion

Mistakes happen and some can be catastrophic for the system if left unfixed. Ideals such as a ledger's immutability can and should be ignored for the greater good and a long term benefit of the whole community.

This fix was one such incident – the amount of BTC created from nothing would have done too much damage to the entire system even if they had opted to mark those manufactured bitcoins as invalid in a future version of the Core software. The cheaper and easier solution was rolling the situation back to a past state, and it was the right choice.

2 COMMENTS

  1. The difference I see between Bitcoin’s case and Ether’s case is that in Bitcoin’s case, additional Bitcoins were created whereas in Ether’s case funds were stolen. Hard forking because of unwanted massive creation of money seems legitimate, to recover money that was stolen, I don’t know … it would probably make no sense to hard fork each time someone reports their funds have been stolen and I don’t know if a stolen 15% justifies it …

    • I do agree with the distinction there, yes – it’s technical vs political forking. The line between technical and political gets blurrier as time goes by, however. Look at the Segwit / Bitcoin Cash issue. The two sides are still at each other’s throat, each accusing the other of the divide being political and their solution being technical. I think what matters is just going with the winning side *if they are obviously good guys*. In the case of Eth, I chose the Eth side and not ETC because I think the Eth side has morally superior (even if ideologically inferior) developers and leaders, and I want to see where they can take the technology. As you can see, this forking for finance did not get out of hand – the recent Parity problems were just as big in scale, and no fork occurred. But yeah, I do agree with your assessment and distinction, and agree that it’s a tricky thing to define.

LEAVE A REPLY

Please enter your comment!
Please enter your name here