Bitcoin Core, a free and open-source software that serves as a bitcoin node has patched a serious vulnerability. A major bug in bitcoin core could have crashed the network. Bitcoin core is considered to be bitcoin’s reference implementation and is the most used implementation by a large margin.
A bug found in Bitcoin Core version 0.14, that also damages all upcoming versions, could have caused a great majority of current Core nodes to crash. According to the developer’s patch release notes, developers released a patch that fixes Core version 0.16.2 and the recent 0.16.3. This fix requires an instant upgrade.
The documentation explains the bug as a “denial-of-service vulnerability” that was found in the Bitcoin Core in an update last year. The vulnerability primarily allowed miners to predict a number that adds a block of Bitcoin transactions to the blockchain for a reward. It also allowed the creation of a poisoned block by inserting a transaction that tries to spend the same coins twice. This poisoned block could then be sent around the Bitcoin network, crashing the software of any client that receives it.
The bug was not in the Bitcoin protocol but in its most popular software implementation. Some cryptocurrencies built using Bitcoin Core’s code were also affected. The Litecoin patched the same vulnerability on Tuesday, reported VICE.
The bug was explained by a Bitcoin.org co-owner @CobraBitcoin on Twitter, as “very scary.” The co-owner said that
A very scary bug in Bitcoin Core has just been fixed which could have crashed a huge chunk of the Bitcoin network if exploited by any rogue miners.
The software was released by Satoshi Nakamoto under the name “Bitcoin”, and after that renamed to “Bitcoin Core” to differentiate it from the network. For this reason, it is also called as the Satoshi client. As of 2018, Bitcoin Core repositories are monitored and maintained by a team of maintainers, with Wladimir J. van der Laan leading the release system.
Bitcoin Core comes with a transaction verification engine and connects to the bitcoin network as a full node. Not only this, a cryptocurrency wallet which can be used to transfer funds is also installed by default. The wallet enables the sending and receiving of bitcoins. It does not promote the buying or selling of bitcoin. It enables clients to produce QR codes to receive payment.
Emin Gün Sirer, an associate professor of computer science at Cornell University told Vice that
For less than $80,000, you could have brought down the entire network. That is less money than what a lot of entities would pay for a 0-day attack on many systems. There are many motivated people like this, and they could have brought the network down.
How To Upgrade?
The patch release has further instructed about the upgradation process. Following are the steps:
- If users are running an older version then they should shut it down. They should wait until it has completely shut down (which might take a few minutes for older versions), then run the installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux).
- If users are running version 0.15.0 or newer then their chainstate database will be converted to a new format, which will take anywhere from a few minutes to half an hour, depending on the speed of their machine.
- Note that the block database format also changed in version 0.8.0 and there is no automatic upgrade code from before version 0.8 to version 0.15.0 or higher.
- Upgrading directly from 0.7.x and earlier without re-downloading the blockchain is not supported. However, as usual, old wallet versions are still supported.
The patch release has also given a downgrading warning. Wallets created in 0.16 and later are not compatible with versions prior to 0.16 and will not work if users try to use newly created wallets in older versions. Existing wallets that were created with older versions are not affected by this. This vulnerability is monitored as CVE-2018-17144 and is called as a simple “denial of service” (DoS) attack.
Sirer further stated,
The fact that lots of people are using something doesn’t mean they’re critically looking at its code, or that they’re not blind to fundamental mistakes. The one thing that does help is to have multiple versions of the same software. Another lesson from this episode is that monocultures are very dangerous.
Bitcoin core developers have also suggested users to upgrade any of the vulnerable versions to 0.16.3 as soon as possible. The patch release has also given credit to the anonymous reporter who reported this vulnerability.
A few days ago, the ‘unknown person’ who notified the popular Bitcoin Cash developer Bitcoin ABC of the critical ‘Chain-Splitting’ bug was revealed to be a Bitcoin Core developer. His name was Cory Fields and he anonymously reported the consensus bug, known as SIGHASH_BUG in April 2018. A so-called ‘chain-splitting’ bug, the vulnerability “would have allowed a specially crafted transaction to split the Bitcoin Cash blockchain into two incompatible chains.
Shiba Inu Price Prediction: How High can SHIB Price reach by 2030?
Bitcoin Immutability Is A Shared Myth- A Brief History Of Tx Reversals And Chain Rollbacks
Revealed: The ‘Unknown’ dev who detected the BCH Bug
PEPE Coin Price to Reach $5 in the Next Seven Days?
Chinese Internet Security Company Finds Critical Vulnerabilities In EOS Blockchain
BitMEX Launches A Fork Monitoring Website
Edward Snowden Likes Zcash
Ethereum – Constantinople Hardfork Goes Live
ETH Constantinople Hard Fork to Activate in February 2019
Ethereum’s Hard Fork Delayed Due to Security Vulnerability
Stellar (XLM) Silently Patched a 2.25 Billion XLM Inflation Bug in 2017
White Hat hacker has Discovered Vulnerabilities in Ethereum DApp Augur
Is Ledger Putting Profit Over Security and Community Support?
Will Ethereum Constantinople Fork Occur by February 28th, 2019?
Topaz Testnet Goes Online Ahead Of Ethereum 2.0 Launch
Ethereum Berlin Hard Fork Scheduled For April
Whiteblock Says EOS is Not a Blockchain
Twitter’s Scam Bots make a return in 2019
Ethereum’s Constantinople Upgrade: What You Need to do to Prepare?
Ethereum Merge Event Approaches: Testnets Achieve Important Milestones Before Altair Hardfork
Telegram Zero-Day Vulnerability Used By Hackers To Spread Cryptocurrency Miner.
You might also like
More from Bitcoin News
The narrative surrounding Bitcoin ETF and Ethereum ETF has become a focal point in the crypto community. When will the …
Even as some giants announce restrictions, the prices of crypto continue to rise. But what's the story behind this? Here's …
BTC has managed to stay afloat, refusing to drop. Let's delve into these events and explore the strength of the …