Cyber Incident Victim: pigeoncoin
Date:
Sep 2018
Location:
United States of America
Summary
A severe inflation bug in bitcoin's code was exploited on a smaller cryptocurrency, enabling an attacker to create 235 million units—approximately one-fourth of its total supply—causing temporary exchange suspensions. Developers swiftly implemented a patch derived from bitcoin's fix to address the vulnerability, which allowed unlimited coin creation by bypassing supply limits. The incident underscored broader risks for cryptocurrencies using similar codebases, though major forks had already patched the flaw. Observers monitored potential market impacts as the attacker held the illicitly minted coins, while concerns persisted about undiscovered exploits on other vulnerable blockchain projects.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 26, 2018, an attacker exploited a critical inflation bug in the pigeoncoin cryptocurrency, printing 235 million coins worth approximately $15,000. This vulnerability originated from unpatched Bitcoin code that pigeoncoin had inherited but failed to update after Bitcoin developers resolved the flaw weeks earlier. The exploit allowed the attacker to bypass pigeoncoin's hard-capped supply limit of 970 million coins, creating new units equivalent to 25% of the cryptocurrency's circulating supply. The attack directly threatened pigeoncoin's economic stability by risking severe devaluation through artificial inflation of the total coin supply.
Pigeoncoin developers detected the exploit and responded by urgently releasing a software patch derived from Bitcoin's earlier fix, instructing exchanges and mining pools to upgrade immediately to prevent double-spending attacks. CryptoBridge, one of the few exchanges listing pigeoncoin, temporarily suspended trading during the remediation. Developers and community members monitored the attacker's wallet via Discord, anticipating potential attempts to liquidate the fraudulent coins through exchanges or conversions to other cryptocurrencies. The incident highlighted systemic risks for Bitcoin-derived cryptocurrencies that had not applied critical security updates, with developers confirming Bitcoin Gold and Litecoin had already patched the vulnerability. No other exploited coins were publicly identified at the time, though observers warned cloned codebases remained vulnerable. The pigeoncoin team maintained public communication throughout the incident but did not disclose technical specifics of the attacker's methodology beyond confirming its relation to the known Bitcoin flaw.