Multisignature solutions not only help keep crypto assets safe, they are also a great solution for joint accounts. In the case of Bitcoin SV, it seems there is some concern over the current multisig implementation. A very problematic situation has ensued.
Removing P2SH was a Mistake
At its core, Bitcoin SV has copied all of the code that makes up Bitcoin, and added their own flavor on top of it. At the same time, some features that still exist in Bitcoin have been taken out of the BSV code. One such element is P2SH, or Pay to Script Hash. This function was initially introduced in Bitcoin to allow for sending funds to addresses starting with a “3” instead of a “1”. For most people, these addresses are multisignature addresses, providing extra security for all Bitcoin users.
Today, the P2SH aspect is nowhere to be found in the Bitcoin SV consensus rules. This decision was made by the developers, although it may not have been the best option. As a result, they had to build their own multisignature solution, which is much easier said than done. It is evident the current implementation is far from ideal.
Accumulator Multisig is Lacking
Although the Bitcoin SV developers came up with a new multisig solution, there are a lot of concerns. Known as Accumulator multisig, the script is somewhat similar to pay to pubkey-hash (P2PKH) but with a twist. It adds up the number of passes and compares them to a threshold. A somewhat rudimentary approach, but one that can always be improved upon at a later stage.
Unfortunately, it appears the team uses key-hashes instead of actual pubkeys. In terms of saving on computing resources and data size, this approach makes a lot of sense. According to a recent Reddit comment, however, the Accumulator implementation uses some wrong elements that significantly erode security. It is something that can be added, but doing so may not necessarily happen anytime soon.
Funds may Have Been Stolen Already
For those Bitcoin SV users who rely on this rather shoddy multisignature implementation, funds may have been stolen already. While there is no way to officially confirm if a theft occurred, the current state of things does not bode well for the BSV ecosystem. Writing a custom multisig script is a very daunting challenge, and it seems this implementation checks too many of the wrong boxes.
In the Reddit post, there is also a question of whether this approach was accidental or done on purpose. Assuming it is the former, basic testing could have highlighted the problems and ensured everyone would feel safe when using this multisignature implementation. For the time being, it remains unclear why such an issue was not discovered sooner. Skimping on crucial security features is never the right approach.
Permanent Damage or a Setback?
The big question is how these new findings will impact the overall appeal of Bitcoin SV. For a currency created by someone who claims to be Satoshi Nakamoto, such problems should not even be present in the first place. It certainly helps reduce the overall appeal of BSV as a viable cryptocurrency. When security cannot be taken seriously, there is very little reason to keep using the code.
Drawing lessons from an incident like this is always worthwhile. However, it may be far too late to save Bitcoin SV at this point. Very few people openly supported this fork since its inception. Things have only gotten progressively worse. With no reliable multisignature implementation to speak of, the outlook for BSV is very bleak right now. It is not too late to turn the ship around, though.