Clarifying the potentially grave make-up of the coding bug, which is referred to as CVE-2018-17144 and classified as a denial-of-service (DoS) attack, Casaba Security co-founder Jason Glassberg told: “[It] can take down the network.”
Glassberg further informed ZDNet that the errors in codebase of Bitcoin Core “would [have] affected transactions in the sense that they cannot be completed, but does not appear to open up a way to steal or manipulate wallets.”
Denial-of-Service (DoS), 51% Attacks
BTC miners use the Bitcoin Core client software to confirm transactions on the cryptocurrency’s blockchain. Therefore, the recent errors found in the source code could have been misused to deliberately crash Bitcoin’s full-node operators.
Even though not strategically practicable, this distinct software bug could have been remotely misused by an hacker to instigate a 51% assault in which one organization takes over the majority of the hashing power of a cryptocurrency network.
Advisory Notice, Critical Patch Released
In the majority cases, a bad player has organized a 51% assault in order to maneuver transactions on a cryptocurrency’s blockchain for monetary gains. At present, it would cost roughly $490,000 to initiate such an assault (for 1 hour) on the Bitcoin network.
However, if the latest Bitcoin Core software bug had not been fixed, a bad actor might have started a 51% attack on the cryptocurrency’s network at a significantly low cost. On September 19th, the Bitcoin Core programmers posted a consultive notice concerning this DoS vulnerability.
Bitcoin Core users have been advised to upgrade to version 0.16.3 of the software. The DoS vulnerability was found in the earlier versions (0.14.0 to 0.16.3) of the client. Bitcoin Knots, one of roughly 96 derivatives of Bitcoin core created by hard fork, was perceived vulnerable as well and its client software was fixed.
“Copycat” Cryptos Are At Risk
Remarkably, the CVE-2018-17144 vulnerability could have also impacted the litecoin (LTC) network but its client has already got a patch. Commenting on the grave nature of these software coding error, Cornell computer science professor Emin Gün Sirer opined: “Copycat currencies are at risk” – indicating that all Bitcoin forks are susceptible to attack.
Sirer further stated:
“By definition, there’s always a group upstream that knows their vulnerabilities.”
The Turkish-American cryptographer, who discovered significant vulnerabilities in Ethereum’s codebase before its network faced DAO attack, was particularly referring to all the currently 69 active Bitcoin forks that could still be abused with a 51% assault as their clients might still not have gotten a patch and are not as protected as Bitcoin network owing to their less significant size.
In fact, a crypto community enthusiast has evaluated it would merely cost $122 to initiate a 51% attack on the Bitcoin Private (BTCP) network. However, this estimate has not been affirmed by a different source.