Recently Discovered Bitcoin Vulnerability Is Even Worse Than Previously Thought

Siamak Masnavi

On Monday (17 September 2018), a vulnerability in Bitcoin Core (Bitcoin's reference implementation), known as CVE-2018-17144, was reported to the developers working on Bitcoin Core as well as to some projects supporting other cryptocurrencies that use this code (such as "Bitcoin ABC" and "Bitcoin Unlimited", the two leading full node implementations of the Bitcoin Cash protocol). The vulnerability had existed since version 0.14.0 of Bitcoin Core (released on 8 March 2017) and was reported anonymously as a "Denial of Service" (DoS) bug.

As covered by CryptoGlobe, Bitcoin Core developers came up with a fix for this bug the next day (18 September 2018), and released it as part of Bitcoin Core versions 0.16.3 and 0.17.0rc4. They urged anyone running vulnerable versions of Bitcoin Core (i.e. 0.14.0 up to and including 0.16.2) to upgrade to version 0.16.3 as soon as possible.
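A version audit for the upgrade advice above, as an added example that is not part of the original article or of Bitcoin Core's code. The inventory and hostnames are constructed, and treating 0.17.0 release candidates before rc4 as vulnerable is an assumption; the other version bounds are the ones stated in the article and apply to Bitcoin Core version numbers only.

```python
import re

# Bounds as stated in the article: affected 0.14.0 through 0.16.2 inclusive,
# fix shipped in 0.16.3 and 0.17.0rc4.
FIRST_AFFECTED = (0, 14, 0)
LAST_AFFECTED = (0, 16, 2)
FIXED_RC_BASE, FIXED_RC = (0, 17, 0), 4

# Accepts "0.16.2", "v0.16.2" and release candidates such as "0.17.0rc4".
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?$")

def classify(version):
    """Classify one Bitcoin Core version string against CVE-2018-17144."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"        # unparsable: review by hand
    base = tuple(int(x) for x in m.group(1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else None
    if base < FIRST_AFFECTED:
        return "predates-bug"   # older than the release that introduced the bug
    if base <= LAST_AFFECTED:
        return "vulnerable"     # also covers release candidates of affected versions
    if base == FIXED_RC_BASE and rc is not None and rc < FIXED_RC:
        return "vulnerable"     # assumption: rc1-rc3 predate the rc4 fix
    return "patched"

def needs_upgrade(inventory):
    """Return hosts whose version is vulnerable or could not be parsed."""
    return sorted(host for host, ver in inventory.items()
                  if classify(ver) in ("vulnerable", "unknown"))

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "node-a": "v0.16.2",
    "node-b": "0.16.3",
    "node-c": "0.17.0rc2",
    "node-d": "0.17.0rc4",
    "node-e": "0.13.2",
    "node-f": "0.14.0",
    "node-g": "custom-build",
}

if __name__ == "__main__":
    for host, ver in sorted(SAMPLE.items()):
        print(f"{host:8} {ver:14} {classify(ver)}")
    print("upgrade:", needs_upgrade(SAMPLE))
```

Unparsable version strings are reported alongside vulnerable ones so that custom or mislabelled builds are checked by hand rather than assumed safe.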

However, shortly after fixing the vulnerability, the Bitcoin Core developers discovered that the bug in the code causing the DoS problem was even more serious than previously thought because it also created a second problem: the same vulnerability could be exploited to inflate the Bitcoin supply (i.e. create new bitcoins, beyond the 21 million limit placed by Satoshi, which would have the effect of devaluing existing bitcoins). 

This meant that the code fix for the DoS bug would also take care of the supply inflation bug. But, probably in order not to cause panic, and to encourage quick upgrades, the developers decided to only disclose the DoS bug.

On September 20th, after a post in a public forum revealed the full impact of the vulnerability, the Bitcoin Core developers decided to come clean and publish a full disclosure report for CVE-2018-17144.

Over half of the Bitcoin hashrate has upgraded to patched nodes (running version 0.16.3). The developers say that although they are "unaware of any attempts to exploit this vulnerability", it is still critical that "affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs."

Featured Image Credit: Photo via "Crypto360" via Flickr.com; licensed via "CC BY 2.0"

Chainlink and Dai Will Soon Be Listed on Crypto Exchange Gemini, LINK Up Over 18%

On Thursday (April 9), crypto exchange Gemini, which was founded in 2014 by the famous Winklevoss twins, announced that in addition to the upcoming support for Basic Attention Token (BAT), which was announced on Monday (April 6), it would be listing three more cryptoassets on April 24.

In a blog post published earlier today, Gemini said that it plans to support three new cryptoassets on its trading platform: Chainlink (LINK), Dai (DAI), and Orchid (OXT).

Gemini also said it will be allowing LINK, DAI, and OXT deposits into Gemini accounts starting at 09:30 Eastern Time (or 13:30 UTC) on 24 April 2020, and mentioned that trading would "follow shortly thereafter."

This is the first month that Gemini has added support for any new digital assets since December 2018 (when it listed Bitcoin Cash), and this move by Gemini will bring the total number of cryptoassets it supports to nine (the others are Bitcoin, Ether, Bitcoin Cash, Litecoin, Zcash, Chainlink, Dai, and Orchid). As for custody, Gemini currently supports the following 15 cryptoassets: ZRX, BRD, MANA, ENJ, FXC, GUSD, GNT, KNC, LOOM, MKR, NMR, OMG, STORJ, FIL, and CSP.

Gemini will be offering the following nine trading pairs for LINK, DAI, and OXT:

[Image: new trading pairs Gemini announced on 9 Apr 2020]

On Monday (April 6), Gemini announced that it would be adding support for Basic Attention Token (BAT) on April 24.

Here is how Gemini is describing these four cryptoassets:

  • "Basic Attention Token is the native currency token of the Brave Browser, which is built to provide a more efficient and effective mechanism for connecting and rewarding users, advertisers, and publishers."
  • "Chainlink is building a bridge between smart contracts and off-blockchain data, broadening their access to information and increasing their application potential."
  • "Dai is a decentralized, crypto-collateralized stablecoin that seeks to maintain a 1:1 soft-peg with the U.S. dollar. Its primary purpose is to provide you with stable crypto dollars to use on the Ethereum network."
  • "Orchid is a peer-to-peer marketplace for virtual private networking (VPN) providers. OXT is the token used to purchase VPN bandwidth."

According to data from CryptoCompare, at press time (around 12:13 UTC on April 9), LINK, DAI, and OXT are currently trading at $3.242, $1.025, and $0.1404 -- up 13.99%, 0.39%, and 2.26% -- respectively in the past 24-hour period:

[Images: LINK-USD, DAI-USD and OXT-USD 24 Hour Charts on 9 Apr 2020]