Recently Discovered Bitcoin Vulnerability Is Even Worse Than Previously Thought

Siamak Masnavi

On Monday (17 September 2018), a vulnerability (known as CVE-2018-17144) in Bitcoin Core (Bitcoin's reference implementation), which had existed since version 0.14.0 of Bitcoin Core (released on 8 March 2017), was reported to developers working on Bitcoin Core as well as some projects supporting other cryptocurrencies that use this code (such as "Bitcoin ABC" and "Bitcoin Unlimited", the two leading full node implementations of the Bitcoin Cash protocol). This vulnerability was reported anonymously as a "Denial of Service" (DoS) bug. 

As covered by CryptoGlobe, Bitcoin Core developers came up with a fix for this bug the next day (18 September 2018), and released it as part of Bitcoin Core versions 0.16.3 and 0.17.0rc4. They urged anyone running vulnerable versions of Bitcoin Core (i.e. 0.14.0 up to and including 0.16.2) to upgrade to version 0.16.3 as soon as possible.

However, shortly after fixing the vulnerability, the Bitcoin Core developers discovered that the bug in the code causing the DoS problem was even more serious than previously thought because it also created a second problem: the same vulnerability could be exploited to inflate the Bitcoin supply (i.e. create new bitcoins, beyond the 21 million limit placed by Satoshi, which would have the effect of devaluing existing bitcoins). 

This meant that the code fix for the DoS bug would also take care of the supply inflation bug. But, probably in order not to cause panic, and to encourage quick upgrades, the developers decided to only disclose the DoS bug.

On September 20th, after a post in a public forum revealed the full impact of the vulnerability, the Bitcoin Core developers decided to come clean and publish a full disclosure report for CVE-2018-17144.

Over half of the Bitcoin hashrate has upgraded to patched nodes (running version 0.16.3). The developers say that although they are "unaware of any attempts to exploit this vulnerability", it is still critical that "affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs."


Bitcoin Below $10K: Crypto Analyst PlanB Says 'Ignore the Noise, Focus on the Signal'

Siamak Masnavi

On Monday (February 17), as Bitcoin continued its fall below $10,000, popular pseudonymous analyst "PlanB" (@100trillionUSD) advised his followers on Twitter to keep their eyes on the big picture.

Bitcoin didn't have a great weekend.

According to data from CryptoCompare, Bitcoin started the weekend at $10,343, and ended it at $9,872, as you can see in the price-chart below:

[Chart: BTC-USD 2 Week Chart on 17 Feb 2020]

For holders of Bitcoin, the pain continued on Monday. By around 14:00, when PlanB took to Twitter, Bitcoin had fallen to $9,609:

[Chart: BTC-USD 24 Hour Chart on 17 Feb 2020]

This is when PlanB told his Twitter followers to "ignore the noise" and "focus on the signal":

In a Medium blog post published on 19 March 2019, PlanB talked about scarcity in terms of the stock-to-flow (SF) ratio -- where stock is "the size of the existing stockpiles or reserves" and flow is "the yearly production" -- and used this to model Bitcoin's value.

He wrote:

The predicted market value for bitcoin after May 2020 halving is $1trn, which translates in a bitcoin price of $55,000. That is quite spectacular. I guess time will tell and we will probably know one or two years after the halving, in 2020 or 2021.

In a tweet sent out last Monday, PlanB said that he expected the price of Bitcoin to be over $10K by the next block mining reward halving (expected on 12 May 2020), at which point he expects the major bull run to start, taking the Bitcoin price all the way to $100K before the end of 2021:

 
