This article was published on September 20, 2018

Crippling DoS vulnerability put the entire Bitcoin market at risk

This could have been waaaaay worse


The entire Bitcoin infrastructure has been issued with a stern warning: update Bitcoin Core software or risk having the whole thing collapse.

Until now, Bitcoin miners could have brought down the entire blockchain by flooding full node operators with traffic, via a Denial-of-Service (DoS) attack.

“A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2,” the patch notes state. “It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible.”

Developers have issued a patch for anyone running nodes, along with an appeal to update the software immediately.
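
For operators checking their own nodes against the range quoted above, the following added example (not code from the patch notes or from Bitcoin Core) classifies version strings. The `/Satoshi:x.y.z/` form is the user agent Bitcoin Core reports; the node names and inventory are constructed sample data, and treating a two-part version such as "0.15" as "0.15.0" is an assumption.

```python
import re

# Range quoted in the patch notes: 0.14.0 up to 0.16.2 are vulnerable, 0.16.3 is fixed.
FIRST_VULNERABLE = (0, 14, 0)
LAST_VULNERABLE = (0, 16, 2)

# Accepts a bare version ("0.16.2") or a Bitcoin Core user agent
# ("/Satoshi:0.16.2/", optionally followed by "(comment)").
_VERSION_RE = re.compile(r"^(?:/Satoshi:)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_core_version(text):
    """Return (major, minor, patch), or None if text is not a Bitcoin Core version."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    major, minor, patch = match.groups()
    # Assumption: a missing third component means ".0".
    return (int(major), int(minor), int(patch or 0))


def classify(text):
    """Classify one version string against the CVE-2018-17144 range from the patch notes."""
    version = parse_core_version(text)
    if version is None:
        return "unknown"  # other client or unparseable: needs a manual look
    if FIRST_VULNERABLE <= version <= LAST_VULNERABLE:
        return "vulnerable"
    return "not in affected range"


def audit(inventory):
    """Map each node name to its classification."""
    return {name: classify(agent) for name, agent in inventory.items()}


# Constructed inventory: node name -> reported version or user agent.
SAMPLE_INVENTORY = {
    "node-a": "/Satoshi:0.16.2/",
    "node-b": "/Satoshi:0.16.3/",
    "node-c": "0.14.0",
    "node-d": "/Satoshi:0.13.2/",
    "node-e": "/Satoshi:0.15.1(internal)/",
    "node-f": "/OtherClient:1.0.0/",
}

if __name__ == "__main__":
    for name, verdict in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{name}: {verdict}")
```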

As far as the attack vector in question goes, there’s a catch: anyone ballsy enough to try to bring down Bitcoin would have to sacrifice almost $80,000 worth of Bitcoin in order to do it.

The bug relates to Bitcoin Core’s consensus code. It meant that some miners had the option to send transaction data twice, causing the Bitcoin network to crash when attempting to validate it.

Because such invalid blocks still need to be mined, only those willing to forgo the block reward of 12.5 BTC ($80,000) could actually do any real damage.

While this certainly seems unlikely (barring any digital Tyler Durden-types wanting to destroy something beautiful), it does raise eyebrows. The great defence of Bitcoin is that it’s far too decentralized to be brought down by any single entity.

Prolific speaker and cryptocurrency advocate Andreas Antonopoulos has already weighed in on vulnerabilities like these. In the past, he defended the quality of Bitcoin’s development, considering its open source nature.

He has been particularly enamoured of the community’s rigorous dedication to checking code quality. While these situations are surely dangerous, it could have been way worse – especially if new, buggy cryptocurrencies had decided to fork the Bitcoin Core version susceptible to the DoS.

(Clarification: Please note the tweets by Antonopoulos are not in relation to this particular attack. The decision to include the tweets was to highlight the importance of auditing code.)

It’s worth pointing out that Bitcoin is hardly the only cryptocurrency researchers have found kinks in recently. Indeed, a Bitcoin Core developer recently discovered a crippling flaw in Bitcoin Cash – a forked version of Bitcoin.

While never convenient, responding appropriately to such potential dangers is crucial to maintaining the integrity of blockchain tech – especially when reversing transactions is not an option.

But in the meantime, go ahead and mark this as yet another day of discovering just how close we were to a Bitcoin collapse: crisis averted.
