Lucene search

K
thnThe Hacker NewsTHN:34A6F7CE85B5AB39EBC345A893D45BC8
HistorySep 25, 2018 - 11:32 a.m.

Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability

2018-09-2511:32:00
The Hacker News
thehackernews.com
468
bitcoin
core
ddos
vulnerability
update
blockchain
miners
patch
software
network
security
consensus
api
documentation

EPSS

0.006

Percentile

77.8%

bitcoin core software

The Bitcoin Core development team has released an important update to patch a major DDoS vulnerability in its underlying software that could have been fatal to the Bitcoin Network, which is usually known as the most hack-proof and secure blockchain.

The DDoS vulnerability, identified as CVE-2018-17144, has been found in the Bitcoin Core wallet software, which could potentially be exploited by anyone capable of mining BTC to crash Bitcoin Core nodes running software versions 0.14.0 to 0.16.2.

In other words, Bitcoin miners could have brought down the entire blockchain either by overflooding the block with duplicate transactions, resulting in blockage of transaction confirmation from other people or by flooding the nodes of the Bitcoin P2P network and over-utilizing the bandwidth.

The vulnerability had been around since March last year, but the team says nobody noticed the bug or nobody was willing to incur the expense of exploiting it.

According to the bitcoin core developers, all recent versions of the BTC system are possibly vulnerable to the Distributed Denial of Service (DDoS) attacks, though there’s a catch—attacking Bitcoin is not cheap.

The DDoS attack on the BTC network would cost miners 12.5 bitcoins, which is equal to almost $80,000 (£60,000), in order to perform successfully.

The Bitcoin Core team has patched the vulnerability and are urging miners to update with the latest Bitcoin Core 0.16.3 version as soon as possible.

> “A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible,” the vulnerability note reads.

Although the team says that the miners running Bitcoin Core only occasionally are not in danger of such attacks, it would obviously be recommended to upgrade to the latest software version as soon as possible just to be on the safe side.

In addition to the DDoS vulnerability, the latest version also includes patches for a non-insignificant number of minor bugs, related to consensus, RPC and other APIs, invalid error flags, and documentation.

After upgrading to the latest version—the process that will take five minutes to half an hour depending upon the processing power of your computer—users should note that the new wallet will have to redownload the entire blockchain.

EPSS

0.006

Percentile

77.8%