Bitcoin Network Faced One-Two Punch of Inflation and DoS Threats
Bitcoin Core has emerged seemingly unscathed from a major vulnerability that threatened to shut down parts of the network in a denial-of-service (DoS) attack. But apparently, the bug was even worse than originally thought. According to a Bitcoin Core Full Disclosure Report, the issue included an “inflation vulnerability,” one in which if seized upon could have bolstered the supply of bitcoin beyond the famous 21 million coin ceiling. By pouring more coins into the supply, the hackers would have diminished the value of the circulating bitcoins.
The decision to expose only the lesser extreme part of the bug to the public was deliberate. According to the report:
“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.”
The strategy was a success and the bug is no longer a threat, as evidenced by more than 50% of the bitcoin mining hashrate having been upgraded to the patched nodes with no known attempts to “exploit this vulnerability.”
Here’s what we know, according to the report –
“A developer by the title earlz independently discovered and reported the vulnerability to the Bitcoin Core security contact email.”
Meanwhile, on social media, a contributor identified as a Bitcoin Cash developer who goes by the handle “Awemany” was cheered on Reddit for discovering and reporting the bug and cementing their place in “bitcoin’s history book.” Awemany in a blog post pointed to bitcoin developer Matt Corallo, whose 2016 pull request in an attempt to accelerate validation times led to what Awemany characterized as “one of the most catastrophic bugs in Bitcoin ever.”
The bottom line is that the bug was discovered and the threat has been lifted. It’s both a reminder of the risks associated with the consensus mechanism and a demonstration of good faith among the decision makers.
While it’s mostly the future of ETH that has been contemplated of late, given the plummeting of the No. 2 cryptocurrency’s value this year along with the confidence of investors, bitcoin has its own issues. In an exclusive interview with CCN, Sheffield Clark, who is at the helm of bitcoin ATM maker Coinsource, pointed to potentially “stagnant” mainstream adoption of bitcoin amid a lack of regulatory framework to help resolve issues like extreme volatility.
Featured image courtesy of Shutterstock.