Bitcoin Engineers Find Major Blockchain Vulnerability: Report

Bitcoin Engineers find a major blockchain vulnerability that is now fixed but could lead to entire systems of nods being shut down. The hackers never took advantage of this bug in the past so let’s see what more can be done in the latest bitcoin news today.

The bug could lead eventually to hackers shutting down entire networks. The Bitcoin engineers find major bugs in the number of other blockchains this year and published a paper of the findings. Two engineers discovered a few vulnerabilities which could shut down the blockchain two years after they believed that they solved the issue. BTC engineers Braydon Fuller and Javed Khan fixed the issue named INVDoS in 2018 and published a research paper detailing who they found the bug in a number of other blockchain iterations: Decred and BTCD.

The attack works when one hostile blockchain node, a member of the blockchain network which validates transactions, floods another one by spamming them with calls for non-existent transactions. This way, the node will become overwhelmed and the memory will grow endlessly according to the researchers:

 “This will crash the process and potentially freeze the process and computer until the process is terminated.”

The engineers also said in the report that the vulnerability “denial-of-service” attack was exploitable by the hackers and could be used to crash the entire network of BTC nodes. This could lead to a delay in processing transactions causing loss of funds as the report noted. Khan noticed that the old attack applied to BTCD didn’t let its users send or receive payments. Khan also discovered the vulnerability in another blockchain network, Decred. He rolled out fixes for the bug in late August but there were no known exploitations at that time. A shutdown of the network hasn’t happened for years according to the report:

“For the Bitcoin network there have only been two vulnerabilities that have led to such downtime events, and there hasn’t been one since 2013.”

The vulnerability is still huge in its potential. In 2018, more than 50% of the “publicly-advertised BTC nodes with inbounds traffic and the majority of the miners and exchanges” had the bug and were at high risk of attacks. Litecoin blockchains were also at risk but it was unlikely that the vulnerability will help the hackers steal Bitcoin. The miners may still be at risk but most people that run the nodes will have new software and will be protected.