The Right Place to Buy, Earn, Exchange and Borrow against Your Crypto.

Get Started
Critical Bug Would Have Allowed Hackers to Create Bitcoin, Detector Hints at Sabotage Critical Bug Would Have Allowed Hackers to Create Bitcoin, Detector Hints at Sabotage
This article is more than 2 years old...

Critical Bug Would Have Allowed Hackers to Create Bitcoin, Detector Hints at Sabotage

Bitcoin Core developers acknowledged a potentially devastating vulnerability in the code of the original cryptocurrency and appealed to miners to upgrade to their newly issued patch with immediate effect.

Critical Bug Would Have Allowed Hackers to Create Bitcoin, Detector Hints at Sabotage

Photo by Oscar Nord on Unsplash

Bitcoin Core developers acknowledged a potentially devastating vulnerability in the code of the original cryptocurrency and appealed to miners to upgrade to their newly issued patch with immediate effect.

If exploited, bug CVE-2018โ€“17144 would have permitted bad actors to shut down entire nodes and create Bitcoin, supposedly debasing the largest cryptocurrency by market capitalization.

The issue has apparently existed since the March 2017 release of Bitcoin Core 0.14.0, and yet the coin’s developers assured that it has not been exploited, and that half of the networkโ€™s hashrate has already upgraded to the new fix.

Double-Banger

The bug, which was purportedly discovered Sept. 17th by Bitcoin Cash and Bitcoin Unlimited developer Awemany, was at first reported to have been a denial-of-service vulnerability onlyโ€”it was not until days after its public disclosure that Bitcoin Core developers revealed its second, possibly catastrophic, โ€œcritical inflationโ€ component in a report on their website, Sept. 20th.

To Bitcoin Core, the omission was a calculated one, explaining they intended to remedy affected systems before disclosure โ€” presumably to minimize the chance of exploitation. They wrote:

“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade.”

Whistle-Blower Explains Bug, Tables Foul Play

Having sounded the alarm, the pseudonymous developer has now come out with several stunning allegations drawing the integrity of Bitcoin and its development team into question.

The developer explained in a blog post that the bug was the outcome of fellow developer Matt Coralloโ€™s November 2016 pull request, which shaved a cool 600 microseconds off Bitcoin block validation. To Awemany, that optimization spawned CVE-2018โ€“17144, or what he describes as โ€œone of the most catastrophic bugs in Bitcoin everโ€.

Going on, Awemany pushed a number of Core developers into the firing line, blasting them with descriptions as colorful as โ€œoverblown egosโ€, and suggesting they had attempted to โ€œhandicapโ€ Bitcoin with a 1MB block limit.

The developer did not stop there, however, going as far as to suggest the bug may have been a treasonous attempt to irreparably tarnish the reputation of Bitcoin and its worth as a store of value.

He wrote:

“I always feared that someone from the bankster circles, someone injected into the Bitcoin development circles with the sole goal of wreaking unsalvageable havoc, would do exactly what happened. Injecting a silent inflation bug. Because that is what would destroy one of the very core advantages that Bitcoin has over the current status quo.”

Despite priming readers with such a grave hint, Awemany explained that the โ€œsheer arrogance and hubrisโ€ of a Core developer was a more likely explanation for the bug, however, and called for bipartisan efforts to stomp out bugs in Bitcoin and its offshoot, Bitcoin Cash.

Where crisis appears to have been largely avertedโ€”with Bitcoin Core still calling for all affected parties to apply the patchโ€”the issue would prove that there may be far more pressing hurdles facing the original cryptocurrency than regulatory approval.

Connect your wallet, trade with Orion Swap Widget.

Directly from this Widget: the top CEXs + DEXs aggregated through Orion. No account, global access.