{"id":31461,"date":"2020-11-09T13:45:19","date_gmt":"2020-11-09T11:45:19","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=31461"},"modified":"2025-08-28T03:48:24","modified_gmt":"2025-08-28T00:48:24","slug":"blockstream-co-founder-gregory-maxwell-reveals-vulnerability-in-bitcoin-sv-multisig","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/blockstream-co-founder-gregory-maxwell-reveals-vulnerability-in-bitcoin-sv-multisig\/","title":{"rendered":"Blockstream co-founder Gregory Maxwell reveals vulnerability in Bitcoin SV multisig"},"content":{"rendered":"<p>The multisignature system in Bitcoin SV does not secure users&#8217; assets, according to Blockstream co-founder Gregory Maxwell.<\/p>\n<p><!--more--><\/p>\n<blockquote class=\\\"reddit-embed-bq\\\" style=\\\"height:316px\\\" >\n<p><a href=\\\"https:\/\/www.reddit.com\/r\/bsv\/comments\/jq9jv3\/and_its_gone_popular_bsv_multisig_provides_no\/\\\">AND ITS GONE: Popular BSV multisig provides no security at all and eventually the coins all go poof.<\/a><br \/> by<a href=\\\"https:\/\/www.reddit.com\/user\/nullc\/\\\">u\/nullc<\/a> in<a href=\\\"https:\/\/www.reddit.com\/r\/bsv\/\\\">bsv<\/a><\/p>\n<\/blockquote>\n<p><script async src=\\\"https:\/\/embed.reddit.com\/widgets.js\\\" charset=\\\"UTF-8\\\"><\/script><\/p>\n<p>In February 2020, as part of a Bitcoin SV update called Genesis, developers replaced Bitcoin&#8217;s P2SH multisignature mechanism with their own scheme.<\/p>\n<p>As a result, a solution known as ElectrumSV\u2014or &#8216;multisig accumulator&#8217;\u2014emerged. This script provides transaction validation when the required number of signatures is met or exceeded.<\/p>\n<p>Blockstream CEO Adam Back wrote that, due to a bug, the actual execution condition was a number of signatures that was less than or equal to the required number, including zero.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">Wow that\u2019s a nasty BSV-only bug. Less than or equal instead of greater than or equal (number of signatures in a multisig). Presume they removed the standard p2sh multisig and replaced with this bugged home-brew multisig due to BSV anti-soft fork posturing, to undo soft-forks.<\/p>\n<p>\u2014 Adam Back (@adam3us) <a href=\\\"https:\/\/twitter.com\/adam3us\/status\/1325555272664948737?ref_src=twsrc%5Etfw\\\">November 8, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<blockquote>\n<p>\u00abAs a result, these scripts had no protection whatsoever and could be executed by sending a pair of zeros,\u00bb Maxwell noted.<\/p>\n<\/blockquote>\n<p>He said that no real funds were compromised, but there are a few lessons to draw from this. In his view, the issues would not have arisen if Bitcoin SV developers had used proven multisig mechanisms rather than &#8216;home-grown cryptography&#8217;.<\/p>\n<blockquote>\n<p>\u00abUser Bitcoin scripts require the same attention as other cryptographic functions,\u00bb Maxwell noted.<\/p>\n<\/blockquote>\n<p>In April, the creators of Bitcoin SV stated that the Bitcoin testnet fork had been processing 1,300 transactions per second for an extended period, and peaked at 6,400 TPS.<\/p>\n<p>Subscribe to ForkLog news on <a href=\\\"https:\/\/twitter.com\/ForkLog\\\" target=\\\"_blank\\\" rel=\\\"nofollow noopener noreferrer\\\">Twitter<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The multisignature system in Bitcoin SV does not secure users&#8217; assets, according to Blockstream co-founder Gregory Maxwell.<\/p>\n","protected":false},"author":1,"featured_media":31462,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1086,1301,1142],"class_list":["post-31461","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitcoin-sv","tag-blockchain-vulnerabilities","tag-cryptography"],"aioseo_notices":[],"amp_enabled":true,"views":"13","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/31461","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=31461"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/31461\/revisions"}],"predecessor-version":[{"id":31463,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/31461\/revisions\/31463"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/31462"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=31461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=31461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=31461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}