• bitcoin

    Bitcoin (BTC)

    $ 3,594.34 1.67%
  • ethereum

    Ethereum (ETH)

    $ 118.77 1.97%
  • ripple

    XRP (XRP)

    $ 0.318544 0.34%
  • bitcoin-cash

    Bitcoin Cash (BCH)

    $ 129.45 6.24%
  • eos

    EOS (EOS)

    $ 2.47 6.07%

Research

Coinmetrics report: Over 2 million Bitcoin Private tokens were covertly premined, breaking the 21 million supply cap

Quick Take

  • Coinmetrics, a cryptoasset data provider, released a 10-page report titled: “Don’t trust, verify: A Bitcoin Private case study,” analyzing Bitcoin Private’s coin supply
  • Bitcoin Private is a fork-merge of Bitcoin and ZClassic, a cryptocurrency with privacy features, which itself was a fork of Zcash
  • The report found that 2.04 million additional Bitcoin Private units were covertly minted, pushing the actual supply cap of BTCP to 23.04 million, instead of 21 million

Coinmetrics, a cryptoasset data provider, released a 10-page report titled: “Don’t trust, verify: A Bitcoin Private case study.” The report analyzes Bitcoin Private (BTCP), a fork-merge of Bitcoin and ZClassic, a cryptocurrency with privacy features, which itself was a fork of Zcash. A fork-merge combines two existing blockchain Unspent Transaction Output (UTXO) sets into a single chain. In Bitcoin Private’s case, it combined UTXO sets from Bitcoin and ZClassic. ZClassic was originally forked away from Zcash to remove the blockchain’s founder’s reward. Bitcoin Private forked away from ZClassic to revitalize the ZClassic community.

While Bitcoin Private had an intended 21 million coin supply cap, similar to Bitcoin, Coinmetrics found that an additional “2.04 million units were covertly minted during the import of the Bitcoin UTXO and sent to the BTCP shielded pool,” pushing the actual BTCP supply cap to 23.04 million. Shielded pools contain coins stored in shielded addresses, which employ Zk-SNARKS, a privacy technology that anonymizes transactions.

According to Coinmetrics, these additional units contradicted Bitcoin Private’s whitepaper and Bitcointalk announcement thread which stated that Bitcoin Private will have a total coin supply of 21 million and no premines.

Coinmetrics started exploring the possibility of a convert premine, after they found discrepancies between the supply data pulled from their Bitcoin Private node and the estimated outstanding supply of BTCP. According to calculations, there was an expected outstanding supply of 20.607M BTCP, at the time of Coinmetric’s writing. However, Coinmetric’s node showed that there was, in fact, an outstanding supply of 20.841M BTCP (Coinmetrics notes that this figure includes excludes the shielded pool).

According to Coinmetrics, there were several hypotheses proposed to account for the discrepancy:

  • Their node is not on the correct chain and was being fed bad data
    • Coinmetrics confirms that their node was publishing the same block hash as the explorer ran by btcprivate.org, the official page for Bitcoin Private
  • There was a bug in the pull code that prevented Coinmetrics from receiving accurate data
    • Coinmetrics confirms that the same pull code was able to send accurate Bitcoin data to their Bitcoin node
  • The mining reward was changed since the publication of the whitepaper
    • Coinmetrics confirms that there haven’t been changes Bitcoin Private’s mining reward
  • Zk-SNARKS, the privacy technology employed by Bitcoin Private, has been broken and someone has been minting BTCP into shielded pools
    • Coinmetrics argues that this is implausible because if Zk-SNARKS were exploited, hackers would attack Zcash, a more valuable cryptocurrency that uses the same technology
  • There was a hidden premine
    • Coinmetrics confirms this is the case

Coinmetrics explains that during the UXTO import leading to the Bitcoin Private fork, “special blocks” were produced by the Bitcoin Private network that contained 400 extra outputs containing 50 bitcoins each. Coinmetrics found that there were 102 of these special blocks. By calculating these figures (102 special blocks * 400  extra outputs * 50 bitcoins) Coinmetrics concludes that 2,040,000 additional BTCP were produced. Coinmetrics charted out the expected bitcoin UXTO import vs. the actual import in the chart below.

These abnormal blocks were clear in the following charts Coinmetrics published:

So what happened to these extra BTCP tokens? Coinmetrics found that these covert premines were “sent to shielded addresses on April 29th, 2018” and around “300k BTCP were withdrawn from the shielded pool between July 11th and August 18th.” If these coins were sold on the open market, Coinmetrics estimated that the sellers “could have netted a profit on the order of $1M to $3M.” The remaining 1.74 million premined units are unmoved.

One interesting thing Coinmetrics notes is that “only about 15% of all possible coins were ‘activated’ on BTCP.” This means that the premined BTCP would represent a significant portion of the active BTCP supply on the market. Coinmetrics estimates that were 3.12 million BTCP claimed during the fork. The 300k BTCP from the premine that were moved out of the shielded pool would represent 9.5% of the total active BTCP supply. “For every 10 BTCP in post-fork wallets, 0.95 comes from the premine,” Coinmetrics concludes. 

Coinmetrics ends their report by exploring why these premines were undetected. Coinmetrics draws two explanations:

  1. Inappropriate supply checks
  2. Weak UTXO import verification

Inappropriate supply checks

Bitcoin Private’s supply was derived from a variety of places. This “arcane and unfamiliar” process led to weak supply auditing tools and functions. “BTCP users had to trust that both the UTXO import and the mining processes were done in accordance with the developer’s claims.”

Weak UTXO import verification

After the UTXO import, the Bitcoin Private team released files and auditing tools to community members. Each of these files “contains the contents of a single import block” and the 10,000 transactions imported by a single bitcoin UTXO. According to Coinmetrics, people auditing these files, using the consensus code, would have found no issues confirming that there were indeed 10,000 transactions per block and that each transaction’s “first output matched the expected BTC value and script.” However, the consensus code did not check that there “were no additional outputs” in a block. As such, any additional output (coin) in a block would have been overlooked.