This is the story about 184 billion bitcoin – how they were created, why this was possible, and where they went.
In computer programming, there exists the concept of variables. A variable is like a “box” into which you can save a certain value.
There are special boxes which save letters, special boxes which save numbers, special boxes which save decimal numbers, etc. For example:
var a = 5
a is an integer variable, just like
x in mathematical equations from school. Integer means it's only able to save whole numbers.
Fun fact: variables which store letters, numbers, and other characters as text are called “strings” or “text”, those that store decimal numbers are called “float” (from floating point), those that store truth (true or false) are called “Boolean” after George Boole, etc. There are many different types and they depend on the programming language being used.
To simplify, when storing a number into an integer, the maximum value we can store is limited by memory capacity in the computer. For example, in 64 bit computers (most modern computers), the maximum integer is 9,223,372,036,854,775,807 while the minimum is -9,223,372,036,854,775,808. Yes, that's nine million trillion in both directions: positive and negative.
For those who want to know more (feel free to skip)
How bits work for storing numbers:
Computers can only store information in binary format: with ones or zeroes. For example, 0101 is a 4-bit number and is turned into decimal like so:
0*8 + 1*4 + 0*2 + 1*1 = 5. We multiply each digit starting from the rightmost one with
x is the position of the bit starting with 0, and doubling each future digit's value: 0, 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1028…
01000101001001 = = 0*2^13 + 1*2^12 + 0*2^11 + 0*2^10 + 0*2^9 + 1*2^8 + 0*2^7 + 1*2^6 + 0*2^5 + 0*2^4 + 1*2^3 + 0*2^2 + 0*2^1 + 1*2^0 = 0*8192 + 1*4096 + 0*2048 + 0*1024 + 0*512 + 1*256 + 0*128 + 1*64 + 0*32 + 0*16 + 1*8 + 0*4 + 0*2 + 1*1 = 4096 + 256 + 64 + 8 + 1 = 4425
With 64 bit numbers, we have 64 bits:
Each of those zeroes can be 1, and the same formula as above applies for turning the number into a decimal one. The leftmost bit is there for the “sign”: +/-. It indicates a positive or negative number.
If we take into account that the balance of a Bitcoin address cannot be negative (you can either have or not have bitcoin), we can use an unsigned integer which means the leftmost bit is not used for the +/- sign but for an extra value bit. This doubles the maximum integer to 18,446,744,073,709,551,615 (eighteen million trillion). Trying to store a number bigger by even just 1 would cause an integer overflow. Imagine a car's odometer:
Once it reaches 999999, another kilometer won't set it to 1000000 because there's no room to show that number. It'll go back to 000000. The exact same thing happens with numbers in computers – once they surpass the maximum integer value, they overflow and reset to 0.
Bitcoin and integers
Bitcoin (currently) has 8 decimal points. The smallest Bitcoin fragment is called a Satoshi. The word bitcoin is actually there only “pro forma” – when you have 1 BTC you actually have 100 million Satoshi. The theoretical maximum number of bitcoin is 21 million, so 2,100,000,000,000,000 (two quadrillion one hundred trillion) Satoshi.
If we cut off the last 8 digits from the maximum integer that can be stored (18,446,744,073,709,551,615) so it matches Bitcoin's protocol, we get: 184,467,440,737.09551615.
In other words, because of its decimal points the biggest possible value in the Bitcoin protocol is actually a little over 184 billion instead of the full eighteen million trillion.
But what's the point of all these confusing abstract numbers anyway?
184 Billion Bitcoin
When sending Bitcoin, we tell the wallet software “send this much btc from this address to this address”. But in 2010, the software had a critical bug.
When sending BTC from addresses to addresses (in Bitcoin it's actually possible to send from multiple addresses to multiple addresses), the software was checking for total input values and total output values, but not the things that happen in between.
During one such transaction, the perpetrator gave the program the following instructions (simplified for easier understanding):
- from my address which has 50.51 BTC
- send 92233720368.54277039 to address A
- send 92233720368.54277039 to address B
- send 50.51 BTC to address C
The sum of the A and B transactions was 184,467,440,737.08554000. That's exactly 997615 Satoshi away from the maximum. Other amounts in the transaction combined with this number caused an integer overflow and the total amount fell to just 50.51 BTC that's due for sending.
The software only looked at inputs and outputs:
- I have 50.51 coming in
- I have 50.51 coming out
- the output is less than or equal to input, therefore it is valid
(in the beginning the transaction fees were optional and trivial)
Address A and address B each got 184 billion completely valid bitcoin, even though at the time there were only around 1.5 million in circulation.
Satoshi, Theymos, Jeff Garzik, and others who noticed this weird transaction quickly started thinking about solutions out loud. In the span of a few hours a patch was written for the code to fix this issue for future transactions, along with a proposal to roll back and undo the transaction that occurred. This patch was added to the Bitcoin Core software – the node which signs and sends transactions. A suggestion was made in the forum: have everyone stop processing transactions until the fix is in place, and ignore the block that processed this transaction and all the blocks after it. “Time travel” into a time before this happened.
There was even some concern about Bitcoin being too decentralized to have the information reach everyone in time, but luckily the ecosystem was young enough for this to still be possible. Everything went smoothly and the hack was undone.
You'll often hear maximalists say that Ethereum is centralized around Vitalik or that it's not a real blockchain because of the 2016. DAO hack in which 3 million ether were stolen – 15% of all ether back then. The problem was resolved in exactly the same way: a hard fork which reverted the state and refunded people their investments.
That move caused a contentious fork to form: Ethereum Classic. ETC followers rightfully claimed that rolling the heist back is against the concept of an immutable ledger and a blockchain, and decided to break off from the majority (80%).
Whether or not fighting the bad guy this way was a good decision is up for discussion, but it's important to wonder – if BTC had been as popular and widespread as Ethereum at the time of its incident, would a Bitcoin Classic have happened? Are maximalists right in their judging of Ethereum just because of this difference in popularity? And if so, where's the line a system needs to cross before becoming too popular to change?
Something worth thinking about.
I personally feel like it's better to fork because of such incidents than for dividends and “free money” as is happening in Bitcoin almost every week now: Bitcoin Gold, Bitcoin Diamond, Bitcoin Segwit2…
Mistakes happen and some can be catastrophic for the system if left unfixed. Ideals such as a ledger's immutability can and should be ignored for the greater good and a long term benefit of the whole community.
This fix was one such incident – the amount of BTC created from nothing would have done too much damage to the entire system even if they had opted to mark those manufactured bitcoins as invalid in a future version of the Core software. The cheaper and easier solution was rolling the situation back to a past state, and it was the right choice.