A software update to Bitcoin’s core software fixed a vulnerability that could have brought the entire network to its knees.
Although Bitcoin represents a financial system, it is entirely dependent on the software that the nodes in its network run. We occasionally get reminded of that with updates to Bitcoin Core, but perhaps never as much as with the update published on Wednesday.
A vulnerability known as CVE-2018-17144 that could have given the entire network a significant amount of trouble was fixed by the latest release of the coin’s node software. While it may not look like much, this could have ruined people’s trust in the network, potentially sparking a bank run that could have seen the coin’s value drop.
“[It] can take down the network. That would affect transactions in the sense that they cannot be completed, but does not appear to open up a way to steal or manipulate wallets,” said Casaba Security co-founder Jason Glassberg when speaking to ZDNet.
Hackers wishing to undermine Bitcoin as an asset could have easily just sent a bunch of junk transactions to the network—known as a denial of service attack (DoS)—performing something similar to the ever-dreaded 51% attack, but without as much effort.
It would work like this: An attacker could just spawn thousands of nodes onto the network using cheap hardware, spam the entire network with junk transactions using malicious nodes, crash it, then execute a double-spend and manipulate the blockchain.
“Older versions of Bitcoin Core will crash if they try to process a block containing a transaction that attempts to spend the same input twice,” Bitcoin Core developers said in an advisory.
Continuing with the above scenario, it would be easy for a hacker to execute a double-spend because most of the other nodes in the network would have crashed, leaving only the hacker’s online. Miners would send the block over for processing by nodes, and the hacker’s nodes would validate the transactions without much protest.
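The condition in the advisory, a transaction that spends the same input twice, can be caught as an ordinary validation failure before a block touches node state. The C++ below is an added illustration, not Bitcoin Core's code; the `Tx`, `OutPoint` and `Result` types and both function names are hypothetical simplifications.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Simplified model (assumption): an outpoint is (txid, output index).
using OutPoint = std::pair<std::string, uint32_t>;
struct Tx { std::string txid; std::vector<OutPoint> inputs; std::vector<int64_t> outputs; };
enum class Result { OK, DUPLICATE_INPUT, MISSING_INPUT };

// Reject a transaction that lists the same outpoint more than once.
Result CheckNoDuplicateInputs(const Tx& tx) {
    std::set<OutPoint> seen;
    for (const OutPoint& in : tx.inputs)
        if (!seen.insert(in).second) return Result::DUPLICATE_INPUT;
    return Result::OK;
}

// Check every transaction first, then apply the block to a copy of the
// unspent-output set so a rejected block leaves the node's state unchanged.
Result ConnectBlock(const std::vector<Tx>& block, std::map<OutPoint, int64_t>& utxo) {
    for (const Tx& tx : block)
        if (CheckNoDuplicateInputs(tx) != Result::OK) return Result::DUPLICATE_INPUT;
    std::map<OutPoint, int64_t> next = utxo;
    for (const Tx& tx : block) {
        for (const OutPoint& in : tx.inputs)
            if (next.erase(in) == 0) return Result::MISSING_INPUT;  // rejection, not a crash
        for (uint32_t i = 0; i < tx.outputs.size(); ++i)
            next[{tx.txid, i}] = tx.outputs[i];
    }
    utxo = std::move(next);
    return Result::OK;
}

int main() {
    // Constructed sample: one unspent output and a block that spends it twice.
    std::map<OutPoint, int64_t> utxo = {{{"aa", 0}, 50}};
    Tx bad{"bb", {{"aa", 0}, {"aa", 0}}, {100}};
    return ConnectBlock({bad}, utxo) == Result::DUPLICATE_INPUT ? 0 : 1;
}
```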
The Bitcoin Core vulnerability is of similar gravity to the one that affected Bitcoin Cash about a month ago, which could have seriously crippled the network had a hacker taken advantage of it. Incidentally, it was a Bitcoin Core developer who discovered that particular bug in Bitcoin ABC.
Speaking of cryptocurrencies based on Bitcoin, they might also be in trouble. A couple of Bitcoin look-alikes, including Bitcoin Knots, have already been patched for CVE-2018-17144, but we still have no word on whether some other major coins got the memo.