New Bitcoin Core Patch Fixes Vulnerability To DDoS Attacks, Devs Talk Of Possible Chainsplit
Like any technology, Bitcoin is always improving to achieve better results. The Bitcoin Core team has released a new patch this week, which fixed a vulnerability in the system that could be fatal to the network, as it allowed for DDoS attacks.
The patch note stated that miners should stop using the old version immediately and start using the new one: Bitcoin Core 0.16.3. According to reports, all recent versions of the system could be vulnerable to Distributed Denial of Service (DDoS) attacks. These attacks generally involve flooding a system to disable it temporarily.
Bitcoin Core 0.16.3 was released: https://t.co/SsbsJsqSTo
Upgrade recommended due to vulnerability fix
— Bitcoin Core Project (@bitcoincoreorg) September 18, 2018
By exploiting this vulnerability to flood blocks with transactions, attackers could basically stop the Bitcoin network. They could use duplicate transactions to jam the confirmation of trades, and this would consume all the bandwidth of the system with malicious transactions. Basically, the system allowed users to send transaction data twice, and this could be weaponized to attack the network.
According to the developers' reports, the vulnerability was designated CVE-2018-17144 and could let anyone capable of mining enough blocks crash the system. The bug existed in versions 0.14.0 to 0.16.2 of the system.
While not all miners are vulnerable to the attack, the developers urged everybody to fix the bug and install the new update so they can stay 100% safe. The patch also fixed some other issues like consensus problems, RPC, documentation and invalid flag errors.
This issue was reported to the developers by an anonymous party and it was deemed that it could have a “very scary” impact on the network.
One issue worrying the Bitcoin team is that some of the developers are afraid of a possible chainsplit after the upgrade. Because part of the process that makes the system work is to resolve any issue in the system, chainsplits could happen.
While the name might remind someone of hard forks like the ones that created Bitcoin Gold and Bitcoin Cash, the truth is that chainsplits lead to reversed transactions. According to a warning released by the devs, transactions could be reversed now, and there is a possibility that any transaction with fewer than 200 confirmations could be reversed, which could cause some confusion.
If the chainsplit actually happens, the devs state, it may require some effort to fix the issues. Chainsplits happen when two versions of a blockchain exist at the same time and share an identical history up to the point at which they split.
This kind of anomaly may be triggered by incompatibilities between versions of the software. A similar incident occurred in 2013 after an unintentional fork separated the Bitcoin network for six hours.
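The chainsplit described above, as an added example that is not part of the original article: two constructed chains share a history up to a fork, and the script reports which transactions on one branch would lose their confirmations if the other branch won, and which sit below the 200-confirmation threshold from the developers' warning. Block labels, transaction names, heights and chain lengths are constructed sample data.

```python
import hashlib

SAFE_CONFIRMATIONS = 200  # threshold from the developers' warning quoted above

def build_chain(parent, labels):
    """Extend `parent` (a list of block hashes) with constructed blocks.
    Each hash commits to its predecessor, as real block headers do."""
    chain = list(parent)
    for label in labels:
        prev = chain[-1] if chain else "00" * 32
        chain.append(hashlib.sha256((prev + label).encode()).hexdigest())
    return chain

def fork_height(chain_a, chain_b):
    """Height of the last block both chains share, or -1 if they share none."""
    height = -1
    for a, b in zip(chain_a, chain_b):
        if a != b:
            break
        height += 1
    return height

def confirmations(chain, block_height):
    """A transaction in the tip block has 1 confirmation."""
    return len(chain) - block_height

def reversible(tx_heights, active, competing):
    """Transactions on `active` mined above the fork: they lose their
    confirmations if `competing` becomes the accepted chain."""
    split = fork_height(active, competing)
    return sorted(tx for tx, h in tx_heights.items() if h > split)

def below_threshold(tx_heights, chain):
    """Transactions with fewer confirmations than the warning's threshold."""
    return sorted(tx for tx, h in tx_heights.items()
                  if confirmations(chain, h) < SAFE_CONFIRMATIONS)

# Constructed sample: 300 shared blocks (heights 0..299), then two branches.
COMMON = build_chain([], [f"shared-{i}" for i in range(300)])
ACTIVE = build_chain(COMMON, ["a0", "a1", "a2"])           # tip at height 302
COMPETING = build_chain(COMMON, ["c0", "c1", "c2", "c3"])  # tip at height 303
TX_HEIGHTS = {"tx-old": 50, "tx-mid": 150, "tx-new": 301}  # tx name -> block height on ACTIVE

if __name__ == "__main__":
    print("fork height:", fork_height(ACTIVE, COMPETING))
    print("reversed if competing branch wins:", reversible(TX_HEIGHTS, ACTIVE, COMPETING))
    print("below 200 confirmations:", below_threshold(TX_HEIGHTS, ACTIVE))
```

Only transactions mined after the fork are affected by the split itself; the 200-confirmation list is wider because the warning covers any split that might still be discovered further back.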
The main concern is that, as long as people are still running older versions of the Bitcoin node software without the patch, the integrity of the network can still be questioned. As some people are not very enthusiastic about the upgrade and the patch, there might be some issues for a while.
Many Crypto Networks Are Vulnerable to DDoS Attacks
Many other networks also have DDoS exploits in their code. Ethereum and Bitcoin Cash, two other very popular networks, had flaws as well. When the Ethereum network was attacked, the issues lasted for more than a whole month and created a million dead accounts. The developers had to make two on-chain forks and one off-chain fork to solve the issues for good.
There was also another DDoS attack that slowed the Ethereum network more recently, but there was no consensus failure.
Europol has released an investigative report noting that criminals keep using DDoS attacks to hurt businesses and that this is one of the most typical attacks made by hackers, second only to malware. These attacks are increasingly easy and low-cost to execute.
Because cryptocurrency networks are decentralized, they are less vulnerable to attacks, which gives them some protection, but not 100%, as the code might have some openings to these attacks.