Bugs are always frustrating to deal with. They aren’t as alarming as attacks or hacks, but they still frustrate users and developers because they occur more often. Last week, however, a Bitcoin bug took things to a whole other level. Developers didn’t originally reveal the potential implications, but they were indeed frightening. The recently discovered vulnerability could have been used to crash a large portion of the network. The consequences of such a large-scale crash are self-explanatory. As bad as this potential crash seems, the worst part was hidden by the developers. According to a disclosed official Common Vulnerabilities and Exposures (CVE) report, an attack could have potentially destroyed the whole idea and reputation of Bitcoin.
An attack could have been used to create new Bitcoin, effectively going over the 21 million hard cap and destroying the whole principle of Bitcoin. The devaluation that would have followed would have been devastating not only to the developers, but to every individual holding Bitcoin or believing in the idea. Ironically enough, due to the cosmic implications, the developers decided to take a very government-like approach. The huge ramifications were buried in secrecy while the team took their time to work on the issue and hassle miners to upgrade their software.
New Bitcoin bug could have cost it all
So with the update, the issue seems to have been resolved. The update has covered over 50% of Bitcoin’s mining hash rate and the attack can no longer occur. At the present time, the developers are not fully aware whether anyone has tried to exploit this vulnerability. The realization that such a potential exploit existed can be very frustrating for the developers. Luckily, according to the report, an anonymous user filed a bug report about the denial-of-service bug to the main developers of Bitcoin Core and Bitcoin ABC. If the anonymous user had been a person with incredible hacking abilities or, even worse, resources, the world could be in shock by now. It took Matt Corallo, a Chaincode engineer and Bitcoin Core developer, two whole hours to realize the implications of this.
The ability to print unlimited Bitcoin is not a power anyone should have. The concept of Bitcoin and cryptocurrencies revolves around fighting that same power used by central banks. So, realizing the gravity of the situation, the developers quickly decided to do the most government thing possible. They buried the secret and hoped no one would ever find out.
Full nodes validate all of history to protect against this sort of issue.
If you start a new full node from scratch, it first downloads the whole historical blockchain, and verifies it. If this bug would have been exploited already, it would be noticed by any such new node.
— Pieter Wuille (@pwuille) September 21, 2018
The course of action was to urge miners to quickly upgrade their software to prevent exploitation. The same was done for users who were running a full node. The developers’ call to update was sent out as very important information. It was instantly pinned to the top of the Bitcoin subreddit. That brings us to the most important question of all: Has the Bitcoin bug been exploited?
Many people still wonder if someone managed to get away with this Bitcoin bug. What if someone quickly stacked up 10, 100, 1,000 or even 10,000 Bitcoin? What if this bug is taken by hackers as a blank worksheet and in the future the same weakness is exploited during another episode of vulnerability? According to Pieter Wuille, a Bitcoin Core contributor, any sort of suspicious activity should have been detected by now.
During the initial download, all transactions are double-checked. Therefore, the new 0.16.3 software would instantly detect irregularities. Bitcoin Core, Litecoin and several others have released a patch for this Bitcoin bug. Not all cryptocurrencies have done so, though, so some could potentially still be exploited.
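To make concrete why a node that re-validates history from scratch would notice coins created out of nothing, here is an added example (not Bitcoin Core code and not from the original article) that replays a toy chain and checks every transaction and coinbase against the supply rules. The data structures, the `make_tx` helper and the txids are hypothetical; scripts, signatures and coinbase maturity are left out.

```python
# Toy replay of chain history: every coin spent must exist, every coin created must be paid for.
COIN = 100_000_000            # satoshis per bitcoin
HALVING_INTERVAL = 210_000    # blocks between subsidy halvings

def block_subsidy(height):
    """New coins a block may create: 50 BTC, halved every 210,000 blocks."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else (50 * COIN) >> halvings

def audit_chain(blocks):
    """Replay blocks from height 0; return (ok, reason)."""
    utxos = {}                # (txid, output index) -> value in satoshis
    for height, (coinbase, *txs) in enumerate(blocks):
        fees = 0
        for tx in txs:
            spent = 0
            for outpoint in tx["inputs"]:
                if outpoint not in utxos:   # unknown, or already consumed earlier
                    return False, f"height {height}: {tx['txid']} spends an unavailable output"
                spent += utxos.pop(outpoint)
            created = sum(tx["outputs"])
            if created > spent:
                return False, f"height {height}: {tx['txid']} creates {created - spent} satoshis from nothing"
            fees += spent - created
            for i, value in enumerate(tx["outputs"]):
                utxos[(tx["txid"], i)] = value
        if sum(coinbase["outputs"]) > block_subsidy(height) + fees:
            return False, f"height {height}: coinbase exceeds subsidy plus fees"
        for i, value in enumerate(coinbase["outputs"]):
            utxos[(coinbase["txid"], i)] = value
    return True, f"ok, {sum(utxos.values())} satoshis in circulation"

def make_tx(txid, inputs, outputs):
    return {"txid": txid, "inputs": inputs, "outputs": outputs}

# Constructed sample histories (hypothetical txids); first entry of each block is the coinbase.
HONEST = [
    [make_tx("cb0", [], [50 * COIN])],
    [make_tx("cb1", [], [50 * COIN + 1000]),
     make_tx("a", [("cb0", 0)], [30 * COIN, 20 * COIN - 1000])],
]
INFLATED = [
    HONEST[0],
    [make_tx("cb1", [], [50 * COIN]),
     make_tx("b", [("cb0", 0)], [30 * COIN, 30 * COIN])],   # 60 BTC out, 50 BTC in
]

if __name__ == "__main__":
    for chain in (HONEST, INFLATED):
        print(audit_chain(chain))
```
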