The 4 people responsible for keeping Bitcoin going 🏭🧑🏭🔨
There’s been much talk about Bitcoin upgrades this week. Two, in particular, are doing the rounds among Web3 types: the Stratum v2 upgrade focused on changing how mining pools choose what transactions to verify, and BIP 324, designed to encrypt traffic between nodes.
SNOOZE.
But before you click away and spend the next hour scrolling aimlessly through reels (just me? ok) have you ever thought about who keeps Bitcoin going? Who maintains the code, updates it, and ensures it keeps going? Well, I did this week.
The currency, which has in its short history become a trillion-dollar project, and was designed to be a decentralized, community-driven project is actually maintained by just four people. Yes. Four people. A family saloon’s worth of humans maintains the code that keeps the lights on. But who are they? I decided to find out.
Tiny Coding Club 👶
The first thing to say about the Bitcoin Core team is that they’re not really a team. Rather, it’s a cabal of individuals scattered across the world that congregate inside Bitcoin’s repository on Github, the Microsoft-owned website. Oh, and they meet up one or twice a year.
The second interesting point is the coders are not paid in the traditional sense. While miners collect rewards from the network, there is no such luxury for Core maintainers. Instead, crypto companies and wealthy investors pay to sponsor Bitcoin Core maintainers and other key developers, through grants. Some of those companies included FTX and BlockFi, which have recently gone bust. More on that later.
While Core maintainers have come and gone, a recent spate of resignations has left just four people responsible for maintaining the code. These people are:
A sixth member, Wladimir van der Laan, became the lead maintainer in 2014 but stepped away citing burnout and health issues. As a result, the maintenance, bug bashing, and performance of the Bitcoin network sits with this group of engineers.
Since Bitcoin’s launch in 2009, 17 people have had access to change the code, according to a tally.
While you might be thinking, “What is there to maintain, surely the program runs itself?” I thought that until I heard about the inflation bug that nearly killed Bitcoin in 2018.
In September 2018, a long-time Bitcoin developer spotted a bug that would, if found, allow hackers to spend Bitcoin more than once. Essentially you could copy and paste crypto. Core maintainers had to quickly build a patch, and release a new version of the software before someone found out.
The flaw wasn’t disclosed until the bug was patched, to prevent panic in the markets. While such flaws aren’t common, the code requires constant maintenance.
Wait, so why can’t these 4 people just run away with all the Bitcoin? 💸
The Core maintainer's power is limited by the network itself. Bitcoin users running full nodes must opt-in to the code changes that Bitcoin Core maintainers approve, adding a layer of checks and balances to the protocol.
There are also lots of other engineers that submit proposals and push commits to the codebase. Best guess there are around 300 active developers working on Bitcoin. But they are reviewed and ultimately approved by the four mentioned above. You can even watch this happen on Twitch.
In the case of the 2018 inflation bug, the maintainers had to wait until more than 50% of the network updated its core software. This raises an interesting question: how good is the Bitcoin community at maintaining upgrades? Turns out it isn't great.
That’s because only a fraction of nodes ‘listen’ out for upgrades. These full nodes have open port connections that can be probed. However, not all full-nodes are listening nodes; some, hidden behind firewalls or configured to not actively listen for new connections, don’t have easily discoverable open port connections. Which is why China still has lots of miners operating despite the practice being banned in the country.
Another issue is that not all nodes run the latest version of the Bitcoin Core software. Of the reachable nodes, only 36% run the latest version, making further upgrades and security improvements harder, as upgrades typically work in a linear fashion: i.e. you have to have all upgrades, you can’t skip previous ones.
But let’s go back to the four maintainers for a bit 🤔
As discussed earlier, the maintainers rely on grants from outside companies to pay for their hard work. Three of the maintainers rely on a grant from Brink, a nonprofit that takes donations and turns them into grants.
Recommended by LinkedIn
But thanks to a market downturn, grant sizes have been shrinking, and maintainers are earning less than they were. At the same time, they have increasingly become targets for malicious actors.
Last year, Bitcoin Core Developer Luke Dashjr reported someone was trying to hack into his servers and managed to steal all his Bitcoin, worth $3.6 million. Later Dashjr’s name was used to sell code as an NFT. He has also spoken of how Core devs have been offered “considerable donations” for their cooperation.
State-sponsored actors (read: China) are believed to have tried to infiltrate software releases approved by the core team.
This raises an interesting point. In internet security circles, there’s a term people love to use when talking about hacking and breaking into things. The “attack vector” is the method someone would use to break into something.
As the number of Bitcoin maintainers has dwindled, so the amount of money, time or effort, to exert influence over a group becomes easier. Indeed, recent research shows that 60% of all Bitcoin-related internet traffic flows through just three Internet Service Providers. That led to a flourishing of attacks on Bitcoin. According to recent figures, each month, at least 100 Bitcoin nodes are the victims of hijacks.
Now, this isn’t a fixed thing. Bitcoin does get upgraded, it’s what kickstarted this whole article. So it’s not defenseless. What it does raise is an interesting point about what we all entrust to keep something as massive as Bitcoin running.
NOW you can go back to endlessly scrolling.
What People Are Shouting About this week 🗣️
The at first glance incredibly boring, but in reality, incredibly insightful and interesting thing you should read this week 🤓
A bot has been making a killing in the DeFi this week. The creator, jaredfromsubway.eth, a reference to the disgraced former CEO of the sandwich chain made $1.67 million in two days by carrying out a sandwich attack. This is when the trader places an order for a token on a DeFi app. But before the order is complete, a bot snaps up the token, driving up the price, and then immediately selling it for a profit.
To do that, the Jared bot spent $950,000 on Eth, or 7% of the total gas on the network. It’s being doing the same thing for months, racking up $7 million in fees, and more in profits.
But in DeFi, this is completely legal, as exchanges by design aren’t allowed to get involved in arbitration matters. Here’s to the foot long.
Chart of the week 📊
The number of mergers and acquisitions among digital-asset firms set a quarterly record in the first three months of the year, according to Architect Partners, an M&A advisory firm that has tracked such activity since 2016. There were 54 transactions in the period, almost 10% more than a year earlier, Architect revealed in a report.
Strange but true 😱
That's your lot for this week!
Please like and subscribe, and do something nice for each other ok?
I love you all. 💋💋