Recently Discovered Bitcoin Vulnerability Is Even Worse Than Previously Thought

Siamak Masnavi

On Monday (17 September 2018), a vulnerability in Bitcoin Core (Bitcoin's reference implementation), known as CVE-2018-17144, was reported to the developers working on Bitcoin Core as well as to some projects supporting other cryptocurrencies that use this code (such as "Bitcoin ABC" and "Bitcoin Unlimited", the two leading full node implementations of the Bitcoin Cash protocol). The vulnerability had existed since version 0.14.0 of Bitcoin Core (released on 8 March 2017). It was reported anonymously as a "Denial of Service" (DoS) bug.

As covered by CryptoGlobe, Bitcoin Core developers came up with a fix for this bug the next day (18 September 2018), and released it as part of Bitcoin Core versions 0.16.3 and 0.17.0rc4. They urged anyone running vulnerable versions of Bitcoin Core (i.e. 0.14.0 up to and including 0.16.2) to upgrade to version 0.16.3 as soon as possible.

However, shortly after fixing the vulnerability, the Bitcoin Core developers discovered that the bug in the code causing the DoS problem was even more serious than previously thought because it also created a second problem: the same vulnerability could be exploited to inflate the Bitcoin supply (i.e. create new bitcoins, beyond the 21 million limit placed by Satoshi, which would have the effect of devaluing existing bitcoins). 

This meant that the code fix for the DoS bug would also take care of the supply inflation bug. But, probably in order not to cause panic, and to encourage quick upgrades, the developers decided to only disclose the DoS bug.

On September 20th, after a post in a public forum revealed the full impact of the vulnerability, the Bitcoin Core developers decided to come clean and publish a full disclosure report for CVE-2018-17144.

Over half of the Bitcoin hashrate has upgraded to patched nodes (running version 0.16.3). The developers say that although they are "unaware of any attempts to exploit this vulnerability", it is still critical that "affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs."


U.S. Congressman Implies Facebook's Cryptocurrency Libra Is a 'Shitcoin'

Francisco Memoria

A U.S. Congressman, Warren Davidson, has recently implied Facebook’s cryptocurrency Libra is a ‘shitcoin’ after revealing he knows what he’s talking about when it comes to the cryptocurrency space.

Facebook has recently had to answer a few tough questions about Libra before a U.S. Senate Committee, and while there were various memorable moments in the event, a Congressman implying Libra is a shitcoin has to be one of the most notable.

The representative from Ohio, while questioning CoinShares’ chief strategy officer Meltem Demirors, started by separating bitcoin from shitcoins, noting that people in the space are familiar with both terms.

A ‘shitcoin’, as most cryptocurrency enthusiasts know, is usually a term used to define cryptocurrencies that have no specific use case and should have no value. While some Bitcoin maximalists call everything that isn’t BTC a shitcoin, most use the pejorative term for the worst altcoins out there.

Through his questions, Davidson emphasized bitcoin has no central authority that can dilute the flagship cryptocurrency’s value, nor is there an authority that can censor BTC transactions. As Demirors noted, only the products and services people use can do that, but transactions on the blockchain are permissionless.

With Bitcoin, the Congressman added, users can engage in peer-to-peer transactions as if it were cash. Davidson added these features differentiate bitcoin from “many of the things people call colloquially shitcoin, because the value can be distorted by a central authority, so people do really have their assets at risk.”

The implication here is Libra, which will be governed by a central authority, the Libra Association, is a shitcoin because there’s a central authority able to artificially dilute its value and censor transactions. The social media giant's cryptocurrency is set to be launched next year, and will reportedly be backed by a basket of various fiat currencies and U.S. treasury securities.