Crippling DDoS vulnerability put the entire Bitcoin market at risk
The entire Bitcoin infrastructure has been issued with a stern warning: update Bitcoin Core software or risk having the whole thing collapse.
Until now, anyone could have brought down the entire Bitcoin blockchain by flooding full node operators with traffic, via a Distributed Denial-of-Service (DDoS) attack.
“A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2,” the patch notes state. “It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible.”
Developers have issued a patch for anyone running nodes, along with an appeal to update the software immediately.
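To act on that appeal, an operator can triage nodes by the version they announce. The following is an added example, not code from the article or from the Bitcoin Core project: it applies the range quoted in the patch notes literally to `subver` strings like those `bitcoin-cli getpeerinfo` reports, and the peer list, addresses and function names are constructed for illustration.

```python
import json
import re

# Range quoted in the patch notes on this page: 0.14.0 up to 0.16.2.
# Compared on the first three components, so 0.15.0.1 counts as 0.15.0.
FIRST_AFFECTED = (0, 14, 0)
LAST_AFFECTED = (0, 16, 2)

# Bitcoin Core announces itself as "/Satoshi:<version>/", optionally with a "(comment)".
SATOSHI_RE = re.compile(r"/Satoshi:(\d+(?:\.\d+){1,3})(?:\([^)]*\))?/")

# Constructed sample shaped like getpeerinfo output (documentation-range addresses).
SAMPLE_PEERS = json.dumps([
    {"addr": "192.0.2.10:8333", "subver": "/Satoshi:0.16.2/"},
    {"addr": "192.0.2.11:8333", "subver": "/Satoshi:0.16.3/"},
    {"addr": "198.51.100.7:8333", "subver": "/Satoshi:0.15.0.1(constructed-comment)/"},
    {"addr": "198.51.100.8:8333", "subver": "/Satoshi:0.13.2/"},
    {"addr": "203.0.113.5:8333", "subver": "/example-client:1.0/"},
])

def core_version(subver):
    """Return the announced Core version as a 3-tuple, or None if absent."""
    m = SATOSHI_RE.search(subver or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0])[:3])

def classify(subver):
    """Map a user-agent string to a triage status."""
    v = core_version(subver)
    if v is None:
        return "unknown"  # not Core, or unparseable: check by hand
    if FIRST_AFFECTED <= v <= LAST_AFFECTED:
        return "in_affected_range"
    return "outside_range"

def audit(peers_json):
    """Group peer addresses by triage status."""
    report = {"in_affected_range": [], "outside_range": [], "unknown": []}
    for peer in json.loads(peers_json):
        report[classify(peer.get("subver"))].append(peer.get("addr", "?"))
    return report

if __name__ == "__main__":
    for status, addrs in audit(SAMPLE_PEERS).items():
        print(status, addrs)
```

The announced user agent is self-reported, so for hosts you run yourself confirm the installed binary version as well.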
As far as the attack vector in question goes, there’s a catch: anyone ballsy enough to try to bring down Bitcoin would have to sacrifice almost $80,000 worth of Bitcoin in order to do it.
The bug relates to Bitcoin Core’s consensus code. It meant that some miners had the option to send transaction data twice, causing the Bitcoin network to crash when attempting to validate it.
Since such invalid blocks still need to be mined, only those willing to forgo the block reward of 12.5 BTC ($80,000) could actually do any real damage.
While this certainly seems unlikely (barring any digital Tyler Durden-types just wanting to see something beautiful die), it does raise eyebrows. The great defence of Bitcoin is that it’s far too decentralized to be brought down by any single entity.
Prolific speaker and cryptocurrency advocate Andreas Antonopoulos weighed in on the vulnerability in a tweetstorm. He defended the quality of Bitcoin’s development, considering its open-source nature.
He was particularly enamoured of the community’s rigorous dedication to checking code quality. While the situation was surely dangerous, it could have been way worse – especially if new, buggy cryptocurrencies had decided to fork the Bitcoin Core version susceptible to DDoS.
Ironically, some are outraged that exploit code was used to attack BU nodes. Consider if this code was held back until 20 blocks into a fork
— Andreas M. Antonopoulos (@aantonop) March 15, 2017
It’s worth pointing out that Bitcoin is hardly the only cryptocurrency researchers have found kinks in recently. Indeed, a Bitcoin Core developer recently discovered a crippling flaw in Bitcoin Cash – a forked version of Bitcoin.
While never convenient, responding appropriately to such potential dangers is crucial to maintaining the integrity of blockchain tech – especially when reversing transactions is not an option.
But in the meantime, go ahead and mark this day as yet another on which we discover just how close we were to a Bitcoin collapse: crisis averted.
Published September 20, 2018 — 09:22 UTC