Bitcoin Core Developers Discover and Patch Major Software Bug

21. Sep 2018 Posted by D. Dob on News

As the world’s most important digital currency, bitcoin’s security is considered robust. Yet, this doesn’t mean that its software is completely free from bugs. With this in mind, a severe vulnerability in the Bitcoin Core software has been discovered and fixed by developers on Tuesday.

According to documentation, the bug in question was a denial-of-service vulnerability that was mistakenly introduced via a software update last year.  To put things better into perspective, if exploited, the bug could have been used to temporarily shut down miner nodes, while also crashing most of the network. The vulnerability allowed miners to seamlessly create a ‘poisoned’ block containing a double-spending transaction that would then be dispersed across the network of miners and nodes.

Normally, the bitcoin software has layers of protection against double-spend transactions, yet these fail if the transaction is somehow introduced into a block. In other words, all nodes receiving the poisoned block would have crashed, leading to a fair bit of panic on the network. However, initiating the attack would require the ill-intended miner to give up on their 12.5 BTC block discovery reward, equal to approximately $75,000.

In a recent press statement, Emin Gun Sirer, a professor at the Cornell University mentioned: “For less than $80,000, you could have brought down the entire network. That is less money than what a lot of entities would pay for a 0-day attack on many systems. There are many motivated people like this, and they could have brought the network down.”

Luckily, the issue has been fixed via the last Bitcoin Core software patch. Therefore, all node operators and miners should update to the latest version of the software, to ensure they won’t be affected.

Developers have mentioned that ‘stored’ bitcoin were never at risk, yet those involved with the Lightning Network could have felt a negative impact, due to its software architecture.

Based on everything that has been outlined so far, even if such an attack took place, it wouldn’t have marked the end of bitcoin. Rather, its possible effects included network disruption, longer confirmation times, and increased price volatility due to panic.