> The rapid implementation of the patch was vital in keeping Bitcoin a viable cryptocurrency. 184 billion Bitcoin would have devalued the currency completely, leaving it at the mercy of the person holding the newly-minted Bitcoin.
It would have become worthless, sure, but I imagine that other people would have also just gone around creating additional batches of 184 billion BTC and driving the project into the ground, rather than letting one person walk off with effectively the entire thing.
- 2.4 million bitcoins are lost forever. Their owners, for one reason or another, can't access their wallets. No insurance, no guarantees, nothing.
- 1.1 million are owned by a mysterious person who sits at the top of the pyramid.
- 2.3 million belong to investors and speculators, who make money by pumping and dumping.
- 1 million are owned by banks, the same institutions the mysterious man said his system would replace.
- 1.6 million are held by whales: billionaires, money launderers, narcos, weapons dealers, and so on.
- 1.4 million are still left to be mined, but only a handful of rich people with servers worth millions can actually mine them.
- The rest are owned by individuals who see it as a long term investment.
- It's a digital currency most people don't use to buy or sell anything. The only ones making transactions are banks, investors, and the rich.
- And if you own even a tiny bit of bitcoin, and read something like this, you go ballistic and end up siding with the banks, investors, and the rich to keep the system going.
I can't think of a worse system to fight inequality.
The banks won.
I don't have access to the sources for your numbers, but you fail to explain why this is a problem. Physical bills get lost or destroyed all the time, too.
> the same institutions the mysterious man said his system would replace.
I'm unaware of Nakamoto making any such claim. At most there was a goal to provide an alternative to the fiat currency system (https://cointelegraph.com/learn/articles/what-is-the-purpose...).
It turns out that people - most notably merchants - are thus far uninterested in using it that way. Government fiat is how everyone is accustomed to valuing legal tender. Further, government currently will not allow for fractional reserve banking to be done using Bitcoin deposits. FRB is essential to how our credit system works - although I imagine it would also cause a problem for Bitcoin anyway, since its value is supposed to depend on artificial scarcity.
> only a handful of rich people with servers worth millions can actually mine them.
Historically, Bitcoin can be and has been mined on consumer hardware. Whether this is profitable will depend on several factors, but it's one of the reasons that consumer grade graphics cards have increased in price lately. I'm unaware of any major economies of scale here.
> And if you own even a tiny bit of bitcoin, and read something like this, you go ballistic
You have apparently been around HN for 16 years; you should know better than to post like this.
> I can't think of a worse system to fight inequality.
This is a complete non sequitur. "Fighting inequality" is not as far as I can tell a goal of Bitcoin, and in general new technologies have no moral obligation to do so.
> The banks won.
This is fundamentally at odds with your own claim that criminals - especially money launderers - hold large amounts of Bitcoin.
Mining bitcoin with consumer grade GPUs hasn't been viable for a very long time. Any serious miner will be using ASICs. The reason why GPU prices exploded is the double hit of COVID supply chain disruption followed by the emergence of LLMs.
- Inequality: Research from 2025 has found that the popularity and application of cryptocurrencies have not only promoted financial innovation, but also exacerbated wealth inequality. In other words, blockchain developers have made the gap between rich and poor even worse. https://www.researchgate.net/publication/391506544_Cryptocur...
- As banks buy up bitcoins, who else are the 'Bitcoin whales'? https://www.bbc.com/news/technology-68434579.amp
- A quote from Satoshi's forum message that he posted on Feb. 11, 2009. It explains the goal of creating Bitcoin and why using banks demands too much trust with no guaranteed positive outcome. https://u.today/did-satoshi-nakamoto-foresee-current-bank-cr...
- Prior to May 2021 Bitcoin miners were hugely concentrated, with around 60% to 70% located in China. https://mitsloan.mit.edu/ideas-made-to-matter/bitcoin-who-ow...
- Bitcoin ownership is concentrated among the rich. Research showed that at the end of 2020, there were 1,000 “clusters” controlling 2 million bitcoins. https://mitsloan.mit.edu/ideas-made-to-matter/bitcoin-who-ow...
- Between February 2011 and July 2013, drug dealers operating on Silk Road facilitated sales amounting to 9,519,664 bitcoins. https://en.m.wikipedia.org/wiki/Silk_Road_(marketplace)
As I said before, the banks won.
This is the dumb part about today's crypto imo. It is just a type of consensus among humans. People like to say it's "all math" or some fundamental property of nature but that isn't true at all. It is a constant in a text file + people agreeing on its value. I.e. if a sufficient number of people agree that "we're bumping it up to 1 billion now", that is how many there would be. The argument really is how much better is this mechanism than other stores of value? Fiat currency is also a number where some people are given a magic wand to make more of it up on the spot. Gold is something that you either store in your house and hope that it is real or have someone else store it for you (or pretend to store it). Real estate is fine until the city / government decides that you don't own the title anymore. Basically it is a comparison of one absurd mechanism vs other absurd ones but perhaps Bitcoin is less absurd in the final analysis.
Having 50+% of the hashpower could let you double spend by mining on two forks in parallel, but it will never let you change the rules of the protocol, since these are defined on clients run by many people.
In fact that is what happened in the article. Someone realized there was a problem, got everyone to change their clients, and it changed. The first person to notice the bug did not need to hold any Bitcoin at all to make this change.
Not only would no-one have confidence that the same thing wouldn't happen again, but the value of the bitcoin in this new version would be half that of the old system. No one who holds bitcoin (the people who count here) would agree to use the new version. It would be dead in the water.
Even if it did manage to gain traction (which it wouldn't), the people still using the old version would prevail due to their use of harder money, just as bitcoiners are prevailing over fiat-holders.
It's like trying to change the text of the bible - something of that order of difficulty but still much, much harder due to the enormous incentives to carry on using the previous harder version.
What?? Are we just going to forget about BTC, BCH and BSV? Same thing happened with Ethereum too - with Ethereum (ETH) and Ethereum Classic (ETC).
Bitcoin is a mind virus that’s working. It co-opts human minds and synthetics to support itself. If you understood that perspective, you would have contributed to its growth earlier, others get it later.
I don't know if this is the central takeaway I get from this. Moreso it shows Bitcoin dodged a bullet, in that there was still a central figure or group with enough clout to roll back and fork the chain.
You can't hold down superior money.
So, it's good that the transaction was undone, or 15% of our planet would now be owned by some hacker.
(To be real: if they had not undone the transaction immediately, then the price of Bitcoin would have collapsed, and probably that would have been the end of Bitcoin)
$21tn in bitcoin isn't going to get you any more money than $1tn would.
Imo not great, not terrible.
why? It's not like btc has anywhere near the trade volume for 15% of global money supply.
Yes, Bitcoin does not have sufficient trade volume, and it was a joke anyway. Bitcoin would probably not have survived even one more month in 2010, if there were 184 billion new "fake" bitcoins added in the mix.
Even ignoring all the problems about the Bitcoin software being proven to be seriously broken, those 184 billion extra bitcoins meant that every other Bitcoin was suddenly worth about $0.0000000000000001
You can’t just magically update the protocol to work around the ability of someone to break elliptic curve cryptography. That's not how this works. It’s not how any of this works.
Once people catch wind of bitcoin being moved from secure places, nodes will cease processing transactions, quantum capable thieves will be frozen
Network will upgrade if it hasn't already, nodes will only process transactions on the network with the most other nodes
They might even resume from a few blocks back. No different than branching from an old commit
If this doesn't match your philosophy of legitimacy, you can try continuing in the orphanage chain and get other nodes to join you. May the longest chain win!
This has all been theorized before and has subsequently happened before and the resolution has given confidence to attract more capital.
Have you reviewed any of the proposals to do exactly that? https://bitcoinops.org/en/topics/quantum-resistance/
All of my hardware wallets are now worthless? All of the hardware security modules used for wallets managed by corporations no longer work?
It's an absolute mess for so many reasons that a "protocol fix" just doesn't cover.
Not necessarily. See "Discussion of Guy Fawkes signatures to protect some current bitcoins against quantum theft" and "Commit/reveal function for post-quantum recovery of insecure bitcoins" sections of the Optech page.
You agree on a post-quantum algorithm…
https://en.m.wikipedia.org/wiki/Post-quantum_cryptography
Then you update the protocol…
https://www.reddit.com/r/Bitcoin/comments/qth9ii/how_does_bi...
Right?
More of an economic than technical puzzle these days. But wouldn't you need users to protect their wallets post-fork?
The bitcoin that has been lost doesn't matter, because it's lost. That becomes fair game to whoever can find the computational resources to crack the cryptography of the wallets to get to it. At that point BTC will probably be $500k-$1M in price, and it might just be the driving force behind mainstream adoption of quantum computing.
There are still influential people, but none with the authority of Satoshi himself.
For example, now, many L2s around Bitcoin are fully depending on, and influencing, a future change: enabling again the OP_CAT opcode [1].
Software versions and updates require social / economic consensus and have nothing to do with mining power. Bitcoin is open-source protocol / software and everyone can use whichever version they like. But there's also economic incentives to use the most used version and to make sure that it will keep being the most used version, i.e. forks are bad and should be avoided, therefore it's in everyone's interest to reach consensus.
With something like 45% of processing controlled by entities in Iran, China, and Russia, it seems like an absolute fool's game to put any significant wealth in Bitcoin. All it would take is a significantly effective worm to destroy bitcoin. But hypers gonna hype.
You couldn't pay me to hold a Bitcoin.
Since Bitcoin is software anyone can fork it and create a currency y with the same ledger up to the fork but few people do because convincing other people to trade for it without a very strong argument is hard.
As opposed to any other modern financial system with significant liquidity in digital assets?
I fail to see how substantial private ownership distributed amongst those countries makes it significantly vulnerable.
Or just announce and prove that they are doing it, thereby causing a run on bitcoin and all the other bozobucks.
So this seems like a pointless distinction.
That’s the thing: people think of crypto coins as math, but they’re still a social construct.
I don't understand why that's so attractive to so many participants - possibly because the enormous negative externalities of such a thing more often than not don't fall on themselves, but other, more vulnerable people.
(Not always though: when 200 Bitcoin were stolen from ultra-libertarian Bitcoin developer Luke Dashjr, he came crying for help from the bad bad centralized FBI rather quickly...)
- Blockchains are immutable!
- The code is the law!
...until someone exploited a code defect and took the founders' money, then they re-write history and ignored the hypocrisy. Not everybody agreed - and so the Ethereum Classic blockchain was created, causing all the problems that go hand in hand with having different, forked blockchains:
In Ethereum's case there was no violation of any specification. In fact there was no bug in the blockchain itself. Just someone took founder's money, they didn't like it and so they decided to get them back. And note that after that, there were bugs in the nodes code that were breaking the spec (which you should compare to the bitcoin's bug), but because of multiple node implementations only some of the nodes stopped and so we don't care about those issues.
Is there a tiny community of a couple of nodes running the original network?
There is a huge scientific merit of the algorithms for reaching a distributed consensus when not all participants can be trusted (including the fact that the Bitcoin paper uses game theory to give evidence why malicious entities attempting to create another fork will by the mere design of the algorithms have a hard time).
What is, of course, social consensus are some aspects about what it "socially" means that there exists this concrete consensus in the blockchain. By the design of the protocol and its data structures, there do exist boundaries concerning possible "social interpretations" of this consensus, but a lot of aspects are up to different interpretations.
Not quite. Distributed consensus had been solved in the 1980's theoretically and the 1990's practically, even in the presence of byzantine nodes. What Nakamoto consensus was first in was to extend this to the permissionless setting (at enormous expense & inefficiency, and with no benefits, in my view; though enabling large scale rule breaking or "censorship resistance", which some see as a benefit).
Could you give me some literature references on this topic, because I guess this is something new to me?
https://www.youtube.com/watch?v=KNJGPI0fuFA&list=PLEGCF-WLh2...
Bitcoin didn’t solve the forkability and finality problems. Blockchain (or more properly hashchain) is a linked list of hashpointers, and since anyone can create a hashpointer pointing to the head of the hashchain - it means anyone can fork it. And indeed Bitcoin was forked multiple times, and the solution to forks was almost always either centralized and/or social.
IMO PBFT consensus algos have niche applications anyway, and are not required for Electronic Cash implementation, only for decentralized and/or disintermediated Systems-of-Record, but that’s a complete opposite of bearer instruments like electronic cash.
That is what I wrote:
> What is, of course, social consensus are some aspects about what it "socially" means that there exists this concrete consensus in the blockchain.
In your private Bitcoin clone, such a consensus has a "socially much more boring" interpretation.
Yes, they existed a long time ago and aren't wasteful as a way to generate "value".
Can you give me a literature reference for such a result, because this claim surprises me.
Of course Merkle trees existed long before - but they are just "cryptographically signed data structures", and thus don't solve the distributed consensus problem.
Of course eCash existed long before - but it depended on some central authority.
Of course distributed consensus algorithms existed long before - but they depended on the fact that all participants are trustable.
Thus, in my opinion Satoshi Nakamoto indeed made a really important scientific contribution for a quite specific algorithmic problem.
No. They depended on the fact that all participants were known (in other words, the permissioned setting). Among those known ones, some (less than n/3) could go bonkers, all the way byzantine, and the honest nodes would still be guaranteed to find consensus (with consistency and availability).
1) Permissioned, Sync, PKI: SMR possible, any f (!), Dolev-Strong (1983, [-5])
2) Permissioned, Sync, no PKI: SMR impossible if f >= n/3, PSL (1980), FLM (1985) (the hexagon proof, [-4])
3) Permissioned, Async: SMR impossible even with f=1 (!), FLP (1985) ("endless bivalent", [-3])
4) Permissioned, partially sync: SMR with "eventual availability" impossible if f >= n/3 [-2], possible otherwise (eg Tendermint [-1], Byzantine Paxos, PBFT)
In setting 4), PBFT-type protocols such as Tendermint guarantee consistency (among the "honest" nodes following the protocol as intended - you can't make any guarantees wrt to faulty or byzantine nodes) and eventual availability (that is, all requests sent by clients will "sooner or later" be dealt with) once network functionality is resumed.
That is consensus, for all intents and purposes, given that more consensus isn't really possible due to 2), 3). And arguably better consensus than Nakamoto consensus, which improves the boundary in 4) to n/2 (without selfish mining) at the cost of being stochastic, not deterministic, but replaces "consistency always, availability eventually" with "consistency eventually, availability always", arguably the wrong choice for financial applications.
[-5] https://timroughgarden.github.io/fob21/l/l2.pdf
[-4] https://timroughgarden.github.io/fob21/l/l3.pdf
[-3] https://www.youtube.com/watch?v=vJhm9uhd34E&list=PLEGCF-WLh2...
In Bitcoin, PoW is used as a method for leader election of the node composing the list of validated transactions on the ledger (aka block), or even an empty list of transactions (aka Nakamoto-style Consensus).
But without all the Rube Goldbergian nonsense it’s simply an illegal/unlicensed lottery where the participants pay with electricity for the right to earn records on the longest chain (aka UTXO with mining block rewards).
Not quite. Nakamoto consensus is PoW + LCR, and the PoW part is for Sybil resistance, and the LCR part is for consensus.
> The Rube Goldberg of PoW isn't just for show, it's a protection from Sybil attack
he cherry picked PoW
no, Nakamoto-style consensus is not the same thing as PoW, or even PoW+LCR, not even the same thing as Bitcoin consensus.
Nakamoto-style consensus simply means that we're doing a leader election, and the leader does the transaction validation (aka mining a block in Bitcoin-speak).
The novelty of Nakamoto-style consensus is how we're doing this leader election, i.e. using PoW, PoW+LCR, PoS, PoET, PoA, Proof-of-X, etc.
It is PoW + LCR. I refer you to Roughgarden, Foundations of Blockchains, Lectures #9: Permissionless Consensus and Proof-of-Work, item 5:
> 6. Lecture 8 shows that the only ingredient missing from a permissionless version of longest-chain consensus with provable consistency and liveness guarantees is a permissionless node selection subroutine that selects honest nodes more frequently than Byzantine ones.
Fair enough, this is just one definition. There are others. Some even piling the entire bitcoin protocol under Nakamoto Consensus umbrella (including 21M BTC cap).
I was talking about Nakamoto-style Consensus not specific to Bitcoin, more like in (6).
I have been researching crypto for over a decade. And I would be glad if I was corrected if I was wrong, instead of receiving personal remarks
"crypto bros LARPing". "it’s simply an illegal/unlicensed lottery"
> And I would be happy to be corrected if I made a mistake, instead of getting personal remarks.
Sure.
> Nakamoto Consensus didn’t solve a secure scalable PBFT (Practical Byzantine Fault Tolerant) Consensus.
How could it? PBFT is an algorithm, not a problem to be solved. Bitcoin is byzantine fault tolerant though.
> Bitcoin didn’t solve the forkability and finality problems.
There's no such thing as a "forkability problem" and Bitcoin solves finality through PoW.
> And indeed Bitcoin was forked multiple times, and the solution to forks was almost always either centralized and/or social.
That's wrong. The vast majority of forks are resolved algorithmically. There were only 2 or 3 unintentional hard forks in the early days that were due to bugs. This hasn't happened since 2013.
The only real "social" aspect of Bitcoin is what value people decide to assign to the coins.
I was at Bitcoin scene since 2011, I think that I can distinguish LARPing from the real thing. It's not me who created a dichotomy between fiat and crypto, between HODLers/coiners and nocoiners, between Traditional Finance and Crypto Finance, between CeFi and DeFi, between IPOs and ICOs, etc. Crypto always looked like a Pinocchio who wants to become a "real boy".
> "it’s simply an illegal/unlicensed lottery"
yes, the PoW-based mining is literally called a puzzle solving or a lottery. How do you call a game where everyone buys a ticket with electricity, but only one at a time wins a block reward?
> How could it? PBFT is an algorithm, not a problem to be solved. Bitcoin is byzantine fault tolerant though.
OK, BFT (not PBFT algo) is a class of problems with many proposed solutions, but none is good enough if you need scalability. Bitcoin is a partial solution under multiple constraints, even 1/3 of malicious nodes can undermine it. Internet backbone (BGP) should be trusted. Governments should allow it. etc.
> There's no such thing as a "forkability problem" and Bitcoin solves finality through PoW.
the on-chain Bitcoin transactions are never final. Everyone has their own heuristic how many blocks to count depending on the amount transacted. Protocol only defines how many blocks gamblers (miners) need to wait before they can spend their lottery winnings (block rewards).
> That's wrong. The vast majority of forks are resolved algorithmically. There were only 2 or 3 unintentional hard forks in the early days that were due to bugs. This hasn't happened since 2013.
There were many more than 2-3 both intentional and bugs, but why argue? Even 2-3 hard forks are enough to show that it's bad design. Forks should be impossible by design.
> The only real "social" aspect of Bitcoin is what value people decide to assign to the coins.
IMO there are many more social aspects here beside price discovery of UTXO records and social consensus. Bitcoin core governance, Mining centralization in China. Cypherpunks. LARPing.
This is wrong on multiple counts. Bitcoin's security model does not assume BGP is trustworthy, nor does it rely on government permission. And the claim that 1/3 malicious nodes can undermine it misapplies BFT theory. Bitcoin doesn't use a quorum-based consensus like PBFT, so thresholds like 1/3 aren't the relevant failure mode. Instead, the attack vector is hashrate-based, and even a 51% attack doesn't let you rewrite history arbitrarily, just temporarily reorder recent blocks.
> The on-chain Bitcoin transactions are never final.
This is misleading. Bitcoin finality is probabilistic, like nearly everything in cryptography. It's final in the same sense that cryptographic signatures are unforgeable: with extremely high probability. The six-confirmation rule of thumb reflects the difficulty of deep chain reorgs which have never exceeded two blocks in practice on Bitcoin mainnet.
> There were many more than 2-3 [hard forks]... even 2-3 are enough to show it's bad design.
This conflates implementation bugs with protocol design flaws. The forks were caused by programming errors, not bad design.
> Bitcoin is a lottery.
You could argue that Bitcoin mining is because it's probabilistic and there's a reward. But unlike a lottery, it serves an important role: securing the Bitcoin network.
Honestly, your critique reads more like cope than a technical argument.
Yes, Bitcoin finality is probabilistic, and practically good enough after half a day or so (though 20 blocks were rolled back on at least 2 occasions).
However, many things in cryptography are not probabilistic. And in BFT-type consensus, every block is immediately final; the question of finality doesn't even arise (which is why the concept only gained prominence with Nakamoto consensus).
Regarding forks, there was BCH, BSV, etc. - those were not programming errors.
Do you mean because of the bugs mentioned earlier or during the normal course of operations? Curious to read more about that.
> Regarding forks, there was BCH, BSV, etc. - those were not programming errors.
That's a different kind of "fork" though and those are arguably not Bitcoin. They're basically just competing cryptocurrencies that happened to use an existing blockchain to get started.
One occasion was the 184 bn Bitcoin bug, the other was an unintentional fork due to a faulty software upgrade.
Q.E.D.
You proved it’s a social consensus
Your response to me was to just verbatim repeat yourself while putting "no" in front of what I said. Incredibly pedantic discussion.
This is backed by academic papers. Ask google or ChatGPT. You may argue that these papers are wrong or outdated, but then you need to tell this to the researchers who wrote them, not to me.
2. finality is binary, probabilistic finality is an oxymoron
3. > This conflates implementation bugs with protocol design flaws.
there is no formal spec for Bitcoin, there is a short informal whitepaper and a reference C++ implementation. Anyway the paper named "Bitcoin: A Peer-to-Peer Electronic Cash System", and for this specific purpose design is flawed, without regards to bugs.
4. > Bitcoin is a lottery.
Now you're hallucinating quotes I never wrote.
> Honestly, your critique reads more like cope than a technical argument.
can you show a specific example of the "cope"?
Pretty much all your comments here amount to twisting definitions, misapplying technical concepts, and nitpicking in search of "gotchas." Not to mention all the "LARPing" comments. It screams how to cope with having missed out, which, to your credit, you more or less admitted.
So, you think that if I had BTC, it would’ve magically changed my views on how Bitcoin consensus works?
BTW: I think Scrum/Agile is also LARPing, do you think if I’ll get a Scrum Master certification it will change my views on Scrum?