Recently Discovered Bitcoin Vulnerability Is Even Worse Than Previously Thought

Siamak Masnavi

On Monday (17 September 2018), a vulnerability in Bitcoin Core (Bitcoin's reference implementation), known as CVE-2018-17144, was reported to the developers working on Bitcoin Core, as well as to some projects supporting other cryptocurrencies that use this code (such as "Bitcoin ABC" and "Bitcoin Unlimited", the two leading full node implementations of the Bitcoin Cash protocol). The vulnerability had existed since version 0.14.0 of Bitcoin Core (released on 8 March 2017) and was reported anonymously as a "Denial of Service" (DoS) bug.

As covered by CryptoGlobe, Bitcoin Core developers came up with a fix for this bug the next day (18 September 2018), and released it as part of Bitcoin Core versions 0.16.3 and 0.17.0rc4. They urged anyone running vulnerable versions of Bitcoin Core (i.e. 0.14.0 up to and including 0.16.2) to upgrade to version 0.16.3 as soon as possible.

However, shortly after fixing the vulnerability, the Bitcoin Core developers discovered that the bug in the code causing the DoS problem was even more serious than previously thought because it also created a second problem: the same vulnerability could be exploited to inflate the Bitcoin supply (i.e. create new bitcoins, beyond the 21 million limit placed by Satoshi, which would have the effect of devaluing existing bitcoins). 

This meant that the code fix for the DoS bug would also take care of the supply inflation bug. But, probably in order not to cause panic, and to encourage quick upgrades, the developers decided to only disclose the DoS bug.

On September 20th, after a post in a public forum revealed the full impact of the vulnerability, the Bitcoin Core developers decided to come clean and published a full disclosure report for CVE-2018-17144.

Over half of the Bitcoin hashrate has upgraded to patched nodes (running version 0.16.3). The developers say that although they are "unaware of any attempts to exploit this vulnerability", it is still critical that "affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs."


Tim Draper Calls Indian Government “Pathetic and Corrupt” Over Bitcoin Ban

  • Tim Draper calls the Indian government "pathetic and corrupt" over a proposed ban on cryptocurrency.
  • An unofficial draft bill has emerged online that would make the use of cryptocurrency punishable with 10 years in prison.

American billionaire investor Tim Draper has called out the Indian government over its purported plan to ban bitcoin and all forms of cryptocurrency. 

Proposed Bitcoin Ban

On July 14, blockchain lawyer Varun Sethi published to Twitter an unofficial draft of a bill circulating within the Indian government that would ban the use of cryptocurrency.

In addition to prohibiting the use of bitcoin, the bill seeks to impose a 10-year prison sentence on Indian citizens who “mine, generate, hold, sell, transfer, dispose, issue or deal in cryptocurrencies.” The bill does allow one exception for the digital rupee, which is a token issued and backed by the Reserve Bank of India (RBI).

Pathetic and Corrupt

In response to the proposed ban, Tim Draper took to Twitter to vent his feelings against the Modi government. 

Draper, who is known for his massive investments in Baidu, Skype, and Tesla, has become a bitcoin bull over the years, in addition to issuing some of the more far-fetched price predictions.

The American investor has also been an active presence encouraging developing countries to consider the benefits of bitcoin and digital currencies. More recently, he advocated the utility of bitcoin to the government of Argentina, a country that has been combating fiat hyperinflation for years.

Others Weigh In

Other high-profile individuals have voiced their disapproval of the Indian government considering a bitcoin ban, including Barry Silbert, who predicted the decision would have the opposite effect on bitcoin adoption.

John McAfee also chimed in with his belief that governments have little control over the use of bitcoin. 

Supporters of the Ban

However, not everyone took kindly to Draper’s harsh criticism of the Modi government. Given the rise in cryptocurrency-related scams over the past two years, some Indian citizens believe banning bitcoin will be a net positive for the country. 

While Draper may be stirring national sentiment related to cryptocurrency, it’s worth noting that the Indian government has yet to impose a ban of any sort. However, given the amount of rhetoric over the last several months and the more recent emergence of the drafted bill, it appears the Modi government is indeed contemplating decisive action against bitcoin and digital currencies.