Threat Watch

Bitcoin Bug

The Bitcoin team has recently released a patch for a severe vulnerability in the Bitcoin Core software. The vulnerability (CVE-2018-17144) is a simple DoS (Denial of service) issue that affects Bitcoin Core. Bitcoin Core is the software that Bitcoin miners run on their servers that keeps the whole Bitcoin network running. The vulnerability could take down the network which would prevent transactions from being completed. Further research revealed that Bitcoin users’ funds are not at risk, but an attacker could use the vulnerability to crash Bitcoin nodes. The exploitation relies on sending malformed transactions on the Bitcoin network. Researchers claim that, “Under normal circumstances, it currently costs about $450,000 to mount a 51% attack for an hour under normal conditions, but by exploiting this bug, an attacker can reduce this cost to a smaller and more doable value.” Older versions of Bitcoin Core software will crash if attackers try to process a block containing a transition attempting to spend the same input twice. Bitcoin Core versions 0.14.0 to 0.16.2 are vulnerable.