Crippling DDoS vulnerability put the entire Bitcoin market at risk

[nir]

This could have been waaaaay worse

 

The entire Bitcoin infrastructure has been issued with a stern warning: update Bitcoin $BTC▲1.5% Core software or risk having the whole thing collapse.

 

Until now, Bitcoin miners could have brought down the entire blockchain by flooding full node operators with traffic, via a Distributed Denial-of-Service (DDoS) attack.

 

“A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2.” the patch notes state. “It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible.”

 

Developers have issued a patch for anyone running nodes, along with an appeal to update the software immediately.

 

As far as the attack vector in question goes, there’s a catch: anyone ballsy enough to try to bring down Bitcoin would have to sacrifice almost $80,000 worth of Bitcoin in order do it.

 

The bug relates to its consensus code. It meant that some miners had the option to send transaction data twice, causing the Bitcoin network to crash when attempting to validate them.

 

As such invalid blocks need to be mined anyway, only those willing to disregard block reward of 12.5BTC ($80,000) could actually do any real damage.

 

While this certainly seems unlikely (barring any digital Tyler Durden-types wanting to destroy something beautiful), it does raise eyebrows. The great defence of Bitcoin is that it’s far too decentralized to be brought down by any single entity.

 

Prolific speaker and cryptocurrency advocate Andreas Antonopolous weighed in on the vulnerability in a tweetstorm. He defended the quality of Bitcoin’s development, considering its open source nature.

 

He was particularly enamoured by the community’s rigorous dedication to checking code quality. While the situation was surely dangerous, it could have been way worse – especially if new, buggy cryptocurrencies had decided to fork the Bitcoin Core version susceptible to DDoS.

 

It’s worth pointing out that Bitcoin is hardly the only cryptocurrency researchers have found kinks in recently. Indeed, a Bitcoin Core developer recently discovered a crippling flaw in Bitcoin Cash – a forked version of Bitcoin.

 

While never convenient, responding appropriately to such potential dangers is crucial to maintaining the integrity of blockchain tech – especially when reversing transactions is not an option.

 

But in the meantime, go ahead and mark this as yet another day of discovering just how close we were to a Bitcoin collapse: crisis averted.

 

Source