The Bitcoin team today fixed a serious vulnerability in the software that underlies the entire Bitcoin network.
The vulnerability is tracked as CVE-2018-17144 and is classified as a simple denial-of-service (DoS) problem. Although this classification may downplay its importance, since most DoS bugs merely cause crashes, this vulnerability has a more serious impact than it might appear.
This is because CVE-2018-17144 affects Bitcoin Core, the software that Bitcoin nodes (miners) run on their servers and that keeps the entire Bitcoin network up and running.
"[It] can dismantle the network," Jason Glassberg, co-founder of Casaba Security, told ZDNet today. "This would affect transactions in the sense that they cannot be completed, but it does not seem to open a way to steal or manipulate portfolios."
Glassberg's assessment was also confirmed by other cryptocurrency experts, who also pointed out this bug
However, while user funds are not directly at risk, an attacker could use this vulnerability to intentionally crash Bitcoin nodes.
If an attacker controls or adds enough nodes to the Bitcoin network and then crashes the rest, he can perform a so-called 51% attack on the Bitcoin network and manipulate transactions for his financial gain.
According to this site, it currently costs about $450,000 to mount a 51% attack for an hour under normal conditions, but by exploiting this bug an attacker can reduce this cost to a smaller and more feasible sum.
According to the Bitcoin team, exploitation is also quite simple, since it relies only on sending malformed transactions on the Bitcoin network.
"Previous versions of Bitcoin Core crash abnormally if they try to process a block containing a transaction that attempts to spend the same input twice," the Bitcoin Core team explained in a security notice published today.
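The condition described in that notice can be caught by a plain validation pass that rejects the block as bad data instead of aborting. The sketch below is an added example, not Bitcoin Core's code; `OutPoint`, `Transaction`, `HasDuplicateInputs`, `FirstDuplicateSpend` and the sample block are simplified, hypothetical stand-ins.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>
#include <tuple>
#include <vector>

// Simplified stand-ins for illustration; not Bitcoin Core's own classes.
struct OutPoint {
    std::string txid;   // id of the transaction that created the output
    uint32_t index;     // position of the output in that transaction
    bool operator<(const OutPoint& o) const {
        return std::tie(txid, index) < std::tie(o.txid, o.index);
    }
};
struct Transaction {
    std::string txid;
    std::vector<OutPoint> inputs;
};

// True if any outpoint appears more than once among the inputs of tx.
bool HasDuplicateInputs(const Transaction& tx) {
    std::set<OutPoint> seen;
    for (const OutPoint& in : tx.inputs)
        if (!seen.insert(in).second) return true;  // insert fails on a repeat
    return false;
}

// Index of the first transaction in the block that spends an input twice,
// or -1 if none does. The caller rejects the block; nothing here asserts.
int FirstDuplicateSpend(const std::vector<Transaction>& block) {
    for (size_t i = 0; i < block.size(); ++i)
        if (HasDuplicateInputs(block[i])) return static_cast<int>(i);
    return -1;
}

// Constructed sample block: the second transaction lists (bb22, 0) twice.
std::vector<Transaction> SampleBlock() {
    return {
        {"tx1", {{"aa11", 0}, {"aa11", 1}}},
        {"tx2", {{"bb22", 0}, {"cc33", 2}, {"bb22", 0}}},
    };
}

int main() {
    int bad = FirstDuplicateSpend(SampleBlock());
    if (bad >= 0) std::printf("reject block: tx #%d spends an input twice\n", bad);
    else std::printf("block passes duplicate-input check\n");
    return 0;
}
```

Two inputs that reference different outputs of the same funding transaction, as in `tx1`, are legitimate and pass the check; only a repeated (txid, index) pair is rejected.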
All versions of Bitcoin Core between 0.14.0 and 0.16.2 are considered vulnerable. This covers all versions of Bitcoin Core since March 2017. Version 0.16.3 was released today to fix this problem. Bitcoin Knots, a fork of and alternative to the Bitcoin Core software, has also been confirmed to be affected and has also received a patch.
The patch for CVE-2018-17144 was also ported to Litecoin, a cryptocurrency that began as a fork of the original Bitcoin project code.
But Emin Gün Sirer, a professor at Cornell University and a well-known cryptographer and cryptocurrency expert, says that this bug was only corrected in Litecoin after the release of Bitcoin Core 0.16.3, or the Litecoin project
"Copycat currencies are at risk," said Sirer today, referring to all the cryptocurrencies that have been forked from the Bitcoin code in the last decade.
"By definition, there is always an upstream group that knows their vulnerabilities," he warned, suggesting that hackers who keep an eye on the main branch of Bitcoin could try to exploit this flaw in cryptocurrencies where the patch has not yet been applied and where a 51% attack is even cheaper and easier to perform than one against the massive Bitcoin network.
For readers who only own Bitcoin and other cryptocurrency funds, this bug is not a direct threat, but readers who also run their own mining facilities should examine the vulnerability and check whether it affects the software of their own mining facility.