Recently Discovered Bitcoin Vulnerability Is Even Worse Than Previously Thought

Siamak Masnavi

On Monday (17 September 2018), a vulnerability (known as CVE-2018-17144) in Bitcoin Core (Bitcoin's reference implementation), which had existed since version 0.14.0 of Bitcoin Core (released on 8 March 2017), was reported to developers working on Bitcoin Core as well as some projects supporting other cryptocurrencies that use this code (such as "Bitcoin ABC" and "Bitcoin Unlimited", the two leading full node implementations of the Bitcoin Cash protocol). This vulnerability was reported anonymously as a "Denial of Service" (DoS) bug. 

As covered by CryptoGlobe, Bitcoin Core developers came up with a fix for this bug the next day (18 September 2018), and released it as part of Bitcoin Core versions 0.16.3 and 0.17.0rc4. They urged anyone running vulnerable versions of Bitcoin Core (i.e. 0.14.0 up to and including 0.16.2) to upgrade to version 0.16.3 as soon as possible.

However, shortly after fixing the vulnerability, the Bitcoin Core developers discovered that the bug in the code causing the DoS problem was even more serious than previously thought because it also created a second problem: the same vulnerability could be exploited to inflate the Bitcoin supply (i.e. create new bitcoins, beyond the 21 million limit placed by Satoshi, which would have the effect of devaluing existing bitcoins). 

This meant that the code fix for the DoS bug would also take care of the supply inflation bug. But, probably in order not to cause panic, and to encourage quick upgrades, the developers decided to only disclose the DoS bug.

On September 20th, after a post in a public forum revealed the full impact of the vulnerability, the Bitcoin Core Developers decide to come clean and publish a full disclosure report for CVE-2018-17144.

Over half of the Bitcoin hashrate has upgraded to patched nodes (running version 0.16.3). The developers say that although they are "unaware of any attempts to exploit this vulnerability", it is still critical that "affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs."

Featured Image Credit: Photo via "Crypto360" via Flickr.com; licensed via "CC BY 2.0"

Burn Satoshi's Bitcoin, Suggests Paxful CEO in Thought Experiment

John Moore
  • Paxful CEO Ray Youssef proposes 'burning' the stash of Bitcoin alleged to belong to Satoshi Nakamoto
  • Bitcoin creator said to hold up to 980,000BTC in dormant wallets, theoretically worth US$10 billion
  • Without complete consensus on the move,  burning the coins would cause another Bitcoin fork

One member of the global cryptocurrency community has come up with what can best be described as a scorched earth policy for settling the debate over who is Satoshi Nakamoto once and for all. 

With the spotlights of Bitcoin watchers firmly on the latest questionable claim to be the creator of cryptocurrency as we know it, Ray Youssef - CEO and co-founder of crypto marketplace and wallet service, Paxful - in a now-deleted Tweet - took to Twitter to propose a Bitcoin soft fork that would 'burn' the BTC its  pseudonymous developer is thought to hold in wallets that have never been active.

His suggestion was ignored by a group of crypto-luminaries who he tagged for support, and apparently rounded on by commenters. 

Blockchain analysis undertaken in 2013 by Security Researcher and Bitcoin Blogger, Sergio Demain Lerner , alleged that Nakamoto may have amassed something like 980,000 bitcoin as a lone miner in the early days of its existence. When the BitMEX exchange team revisited Lerner's work a year ago, they reduced this estimate to 700,000 - but didn't rule out the possibility that the figure could be much higher.

Thus, the cryptocurrency the creator fo bitcoin likely accumulated between Jan and August 2009 (or late-Jan 2010, depending on whose opinion you listen to) could, theoretically, be worth something in the region of $10 billion at the current market rate.

A more realistic assessment of their value, however, centers on the idea  that - as they are sitting in the most closely watched wallets on the crypto scene - any attempt to move or sell them would cause massive upheaval in the global cryptocurrency markets, crash the BTC price and gut their value before a significant amount could even make it to a hot wallet somewhere. 

This scenario has been a sword of Damocles threatening Bitcoin since the Satoshi's Stash theories first appeared amid early interest in the concept, explaining the appeal of simply removing control of the coins from their owner - especially to someone with a vested interest in Bitcoin's value. However, Youssef's suggestion that such a measure would 'smoke out' Nakamoto's real life persona, was obviously considered to be ethically outrageous by some and a logistical nightmare by almost everyone. 

It's not that it isn't technically possible. It is. However, unless it had the consensus of the entire Bitcoin network (saying it wouldn't is a pretty safe bet), the fork would create two blockchains and a 'Schroedinger's Nakamoto' - where Satoshi was very rich on one, but not on the other. 

Let it not be forgotten that a similar schism led to a fork in the Ethereum blockchain following The DAO hack a few years back, a split that we have to thank for the existence of Ethereum Classic, which stuck with the pre-DAO blockchain. Let it also not be forgotten that recent Bitcoin forks have not worked out so well for most of the parties involved. Let it also not be forgotten that Nakamoto is considered with almost deity like reverence by some crypto-evangelists. All in all, it seems Youssef is now regretting making the suggestion

So, while Youssef's suggestion could well have been a way to get the real Satoshi Nakamoto to please stand up, it would likely have done much more damage than good.