Bitcoin’s Fork And Its Security Implications – Part 2


By Cassio Goldschmidt

In the previous article I reviewed Segregated Witness (SegWit), a Bitcoin soft fork developed to scale Bitcoin by trimming the transaction data stored in each block and segregating it into another structure, freeing up space for more transactions. I finished that article promising a follow-up on SegWit2X, which was scheduled for November 2017.


Despite initially enjoying the backing of 95% of Bitcoin's hashrate, the SegWit2X fork was called off due to a lack of consensus as to whether SegWit2X would be an upgrade replacing the existing blockchain or just another dividend altcoin like Bitcoin Cash (BCH) or Bitcoin Gold (BTG). The proposal to increase Bitcoin’s block size from 1MB to 2MB to improve its scalability was postponed, and the result is the hefty transaction fees of nearly US$15 that users are experiencing today.

The announcement on December 16th of a SegWit2X revival took the Bitcoin community by surprise. The hard fork took place on December 28th at block number 501451. Although the project shares its name with the SegWit2X fork that was canceled in November, it has nothing to do with the previous initiative.

The SegWit2X (B2X) “revival”

SegWit2X has plenty of red flags. Its website and codebase may look legitimate, but a closer look reveals some questionable information and practices.

The new SegWit2X is an entirely separate effort taking advantage of the name of the canceled project. Minimal information is available online about the team members. Jaap Terlouw, the project’s founder, has only a half-empty LinkedIn profile. The LinkedIn profile for Donna Kurtz, listed as Business Development, is no longer available.

Besides distributing the same number of B2X coins to everyone who held BTC before the split, supporters of the fork will get a share of Nakamoto’s 2 million originally mined Bitcoin, converted to B2X at a 1:1 ratio, according to the information available on the website. No indication has been offered of how the team will be able to access those coins, which can only be unlocked using Nakamoto’s private keys. Another peculiar promise is the recalculation of mining difficulty after each block. By the time one block is mined, the next could already be mined before the difficulty adjustment takes effect. As a result, the difficulty would fluctuate wildly based on who got which block first and how many came right after.
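To illustrate why a per-block difficulty recalculation is a red flag, here is an added toy simulation (not code from the B2X project or from the original article). It applies the same clamped retarget rule to constructed block-interval data either after every block or, as Bitcoin does, over a window of blocks; the 10-minute target, the 4x clamp and the block times are assumptions made for the illustration.

```python
"""Toy comparison of per-block vs windowed difficulty retargeting (constructed data)."""

TARGET_SPACING = 600  # seconds; assumed 10-minute block target, as in Bitcoin

# Constructed block intervals (seconds): a noisy mix of fast and slow blocks.
SAMPLE_BLOCK_TIMES = [60, 2400, 600, 30, 1800, 600, 120, 3000]


def retarget(difficulty, observed_seconds, expected_seconds, clamp=4.0):
    """Scale difficulty by expected/observed time, clamped to [1/clamp, clamp]
    (the 4x bound mirrors Bitcoin's per-retarget limit; assumed here)."""
    ratio = expected_seconds / observed_seconds
    ratio = max(1.0 / clamp, min(clamp, ratio))
    return difficulty * ratio


def per_block_difficulties(block_times, start=1.0):
    """Recalculate difficulty after every single block (the B2X-style promise)."""
    diffs = [start]
    for t in block_times:
        diffs.append(retarget(diffs[-1], t, TARGET_SPACING))
    return diffs


def windowed_difficulties(block_times, window, start=1.0):
    """Recalculate difficulty once per window of blocks, using the summed interval."""
    diffs = [start]
    for i in range(0, len(block_times) - window + 1, window):
        chunk = block_times[i:i + window]
        diffs.append(retarget(diffs[-1], sum(chunk), TARGET_SPACING * window))
    return diffs


def max_swing(diffs):
    """Largest ratio between consecutive difficulty values (how wildly it moves)."""
    return max(max(a, b) / min(a, b) for a, b in zip(diffs, diffs[1:]))


if __name__ == "__main__":
    per_block = per_block_difficulties(SAMPLE_BLOCK_TIMES)
    windowed = windowed_difficulties(SAMPLE_BLOCK_TIMES, window=4)
    print("per-block difficulties:", [round(d, 3) for d in per_block])
    print("windowed difficulties: ", [round(d, 3) for d in windowed])
    print("max per-block swing:", round(max_swing(per_block), 3))
    print("max windowed swing: ", round(max_swing(windowed), 3))
```

With this data the per-block rule hits the 4x clamp on single lucky or unlucky blocks, while the windowed rule averages the noise out and moves far less between adjustments.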

Perhaps the most dubious feature of the new codebase is the massive and unexplained pre-mining of 6 million coins to three distinct addresses hard-coded at different block heights. Controlling 28% of the total supply of 21 million coins gives the team an astonishing degree of control over the project, an enormous potential profit, and an opportunity to commit pump-and-dump fraud.

As cryptocurrencies become more popular, enthusiasts should take the time to understand new technologies. Jumping into new and unproven territory can result in disappointments with unfulfilled promises and expectations.

About Cassio Goldschmidt

The Vice President, Cyber Resilience Practice at Stroz Friedberg, an AON company, Cassio Goldschmidt is an internationally recognized information security leader with a strong background in both product- and program-level security. Outside work, Cassio is known for his contributions to the Open Web Application Security Project (OWASP), the Software Assurance Forum for Excellence in Code (SAFECode), and the Common Weakness Enumeration (CWE)/SysAdmin, Audit, Network, Security (SANS) Top 25 Most Dangerous Software Errors, along with contributing to the security education curriculum of numerous universities and industry certifications.
