After spending a whole day breaching and stealing from the Pigeoncoin network, a hacker managed to get away with tokens worth only $15,000. The attack reportedly took place on Sep 27, 2018, and was carried out by exploiting a bug in the Bitcoin code.
The Vulnerability Exploited was not in the Pigeoncoin Network
According to reports, the perpetrator(s) stole nearly 235 million Pigeoncoin tokens which amount to roughly $15,000. Of course, that’s not a small amount per se, but things could have ended up far worse considering that most attacks of this magnitude usually end up inflicting damages worth hundreds of thousands of dollars or even higher.
Users of the Bitcoin Talk forums first spotted the breach after they came across suspicious blockchain activities. The source of the offense was later traced back to a user named “mrsandman1.”
An internal investigation later led to the discovery that the attackers didn’t exploit any Pigeoncoin vulnerability. Instead, it was a bug in the Bitcoin code that granted them access to the network.
Said bug, dubbed CVE-2018-17144, was found and patched eight days before the attack. Many security experts called it one of the most notorious bugs in the history of the Bitcoin network.
Narrow Escape from Horrifying Consequences
The investigators further pointed out that the Bitcoin network narrowly escaped dire consequences as the bug, had it been successfully exploited before it was fixed, could lead to the crash of network nodes and cause a so-called “51% attack.”
A 51% attack would have enabled the perpetrators to execute a double-spend attack and get away with hefty sums.
Although the bug was quickly fixed soon after its discovery to ward off any unwarranted situation, the changes could not be immediately applied to the codes at the hearts of some smaller Bitcoin-based cryptocurrencies.
This is precisely what caused the recent Pigeoncoin attack. The developers of the network could not timely implement the upstream fix for the CVE-2018-17144 Bitcoin bug, leaving it vulnerable to potential breaches.
Eventually, the developers got their act together and took care of the bug, but the damage was already done by then.
One in Four Pigeoncoin Tokens Lost to the Attack
While the attack was relatively low profile considering only around $15,000 was lost, the damage suffered by the Pigeoncoin network was significant. Of the total 923 million tokens in the system, a little over 25% (235 million) were stolen.
Pigeoncoin happens to be one of the least known and least traded cryptocurrencies in circulation today. With each token priced at just around $0.000066, the market cap of the coin currently stands only $60,000.
In all likelihood, the attacker probably didn’t pay heed to these numbers as otherwise, they were unlikely to have spent a whole day attacking a coin that is barely traded anywhere or used by anyone.
Worth mentioning here that even though most major Bitcoin-based cryptocurrencies such as Litecoin have already integrated the CVE-2018-17144 fix to their source codes, many of the smaller coins are yet to follow suit.