The Bitcoin Private altcoin development team (BTCP) has confirmed the creation of 2.04 million BTCP units "that have never been designed to exist on the blockchain," according to an official statement published on December 24th.
On December 23rd, the digital assets analytics site, Coin Metrics, published a report that revealed that another 2.04 million BTCP altcoin units were secretly coined during the import of Bitcoin data (BTC) about $ 3.9 million at the time of printing. According to the project white paper, the total BTCP offer is about 20.4 million coins, while the secretly awarded BTCP has brought "the initial offer to 22.6 million".
The main team of BTCP states in its statement today that, after receiving the reports, "immediately started an investigation to ascertain whether the alleged findings of a further amount of BTCP coins were true." After performing an internal audit, the team officially states that the results of Coin Metrics have been "mathematically accurate". The team added:
"However, at the moment, the source, purpose and recipient of this exploit are currently unknown to Bitcoin's private donor team."
The statement also cites the chronology of events related to the problem, emphasizing that in the end there was a published size for a specific problem, which was subsequently accepted by a developer, who became a BTCP developer and was "promoted to a collaborator on GitHub, allowing him to join pull requests. "
Reportedly, the developer then completed the problem, merged his code and received the reward. The BTCP team also discovered that a line in the "allow" code is missing[ed] the fork mine to be exploited due to the nodes that do not correctly control the falsified fork blocks. "Once the size has been collected, the developer has abandoned the BTCP project.
Subsequently, the threat actor exploited the bug, creating over 2 million coins during the publicly announced fork mine. The declaration says:
"Since the code was open source and the mine was announced on Twitter, anyone with sufficient knowledge of the development of blockchain could have exploited it."
The BTCP team also notes that it is unclear whether these coins have been transferred to a stock exchange or used or stored elsewhere. However, the team statement concludes:
"This particular exploit could only be exploited during the gallows mine, which had already occurred at the beginning of this year, so this particular bug can not be repeated, nor can it be further exploited."
The BTCP team also stated in the announcement that they had "no prior knowledge" of the incident before the Coin Metrics report was released to the public.
At the end of the statement, the BTCP team writes that they have contacted HitBTC for the exchange of cryptocurrencies on the situation. HitBTC did not respond to Cointelegraph's request for comments by press time.
At the time of printing, BTCP traded at around $ 1.97, down close to 7 percent in the last 24 hours, according to CoinMarketCap.
In September, Bitcoin Core released an update following the recent detection of a software vulnerability. It is reported that the vulnerability could have caused a crash of previous versions of Bitcoin Core if they attempted to process a block transaction that attempts to spend the same amount twice.