
Enormous Blockchain Vulnerabilities Unearthed!

A weakness was recently found in the Bitcoin network. It is now fixed, but it could have led to an entire system of nodes being shut down. Fortunately, hackers never took advantage of the bug.

Bitcoin engineers discovered vulnerabilities that can shut down blockchains, two years after they thought they had patched the issue properly.

The engineers, Braydon Fuller and Javed Khan, fixed the vulnerability, named INVDoS, on the Bitcoin blockchain in 2018. Recently, they published a research paper detailing how they found it in several blockchain implementations: Btcd and Decred.

The attack operates this way: one hostile blockchain node (a member of the blockchain network that validates transactions) floods another by spamming it with calls for non-existent transactions.

As a result of the attack, the node would become overwhelmed and its memory would “grow endlessly,” the researchers noted. “This will crash the process and potentially freeze the process and computer until the process is terminated.”
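The mitigation principle for this kind of memory exhaustion is to bound what a node stores on behalf of any single peer. The following Go example is added here for illustration and is not code from the report, Bitcoin Core, Btcd or Decred; it assumes the growth comes from per-peer state kept for each unresolved transaction ID, and the type, function names and both limits are hypothetical.

```go
package main

import "fmt"

// Assumed limits for illustration; not values from the report or any node software.
const (
	maxPending  = 1000 // unresolved transaction IDs kept per peer
	maxRefusals = 100  // refusals tolerated before the peer is dropped
)

// peer holds the IDs one remote node has referenced that we cannot resolve yet.
type peer struct {
	pending map[string]struct{}
	refused int
}

func newPeer() *peer { return &peer{pending: make(map[string]struct{})} }

// track records an unresolved ID. Once the cap is reached it refuses new
// entries, so memory per peer stays bounded however many IDs arrive.
func (p *peer) track(id string) bool {
	if _, seen := p.pending[id]; seen {
		return true
	}
	if len(p.pending) >= maxPending {
		p.refused++
		return false
	}
	p.pending[id] = struct{}{}
	return true
}

// resolve frees the slot when the transaction actually arrives.
func (p *peer) resolve(id string) { delete(p.pending, id) }

// shouldDisconnect flags a peer that keeps referencing IDs we cannot resolve.
func (p *peer) shouldDisconnect() bool { return p.refused > maxRefusals }

// simulateFlood feeds n constructed, never-resolved IDs to one peer.
func simulateFlood(n int) (tracked, refused int, disconnect bool) {
	p := newPeer()
	for i := 0; i < n; i++ {
		p.track(fmt.Sprintf("constructed-txid-%d", i))
	}
	return len(p.pending), p.refused, p.shouldDisconnect()
}

func main() {
	tracked, refused, drop := simulateFlood(5000)
	fmt.Println(tracked, refused, drop) // 1000 4000 true
}
```

Without the cap in `track`, the map would grow by one entry for every ID received, which is the unbounded memory growth the researchers describe.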

In the report, the engineers stated that the vulnerability, a “denial-of-service” attack, was “easily exploitable” by hackers and could be used to crash an entire network of Bitcoin nodes. This weakness could delay the processing of transactions, causing a “loss of funds or revenue,” according to the report.

In June this year, Khan noticed that the earlier attack also applied to Btcd, an alternative Bitcoin blockchain node that doesn’t let its users send or obtain payments. A month later, Khan discovered another vulnerability in another blockchain network, Decred.

Together with other blockchain engineers, Khan rolled out the fixes for the vulnerabilities in late August.

“There has not been a known exploitation of this vulnerability in the wild,” Fuller and Khan wrote in the report.

In fact, a shutdown of a network hasn’t happened for the past year. “For the Bitcoin network there have only been two vulnerabilities that have led to such downtime events, and there hasn’t been one since 2013,” the report noted.

However, the reach of the vulnerability was massive. In 2018, over 50% of “publicly-advertised Bitcoin nodes with inbound traffic, and likely a majority of miners and exchanges” had the vulnerability and were at risk of attacks, according to the report.

Aside from the blockchains mentioned, Litecoin and Namecoin were also at risk. The report added that although it was unlikely the vulnerability could help hackers steal Bitcoin, funds from the Lightning Network may be at risk.

Miners and exchanges that run older versions of Bitcoin software may still be at risk, but most running nodes will have the latest software, the developers added. “You are likely already protected. Otherwise, make sure to upgrade,” the report said.
