Unless you’ve been living under a rock, you are probably aware of the bug incident that dawned on the bitcoin world. But here is what you probably don’t know, the incident was even worse than the developers let on. What people know is that when the bug was reported, the vulnerability could potentially be used to shutdown a chunk of the network. While this sounded like pretty much the worse case scenario, it wasn’t. Turns out developers for Bitcoin Core swooped the second bigger part of the bug, under the proverbial carpet.
The official CommonVulnerabilities and Exposures (CVE) report unveiled that an attacker could have actually used it to create new bitcoin that too, above the 21 million hard-cap of coin creation- thus leading to inflating the supply and ultimately devaluing the current bitcoins. Such manipulation of the rules would result in a loss of trust in the cryptocurrency.
It is because of the catastrophic implications of the bug, the developers decided upon keeping it a secret, not for an extended period of time, but just enough to buy themselves enough time to fix the exploit and furthermore urge miners and users to upgrade their software.
In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious denial of service vulnerability, concurrently with reaching out to miners, businesses and other affected systems, while delaying publication of the full issue to give time for systems to upgrade
The CVE report explained.
You should not run any version of Bitcoin Core other than 0.16.3. Older versions should not exist on the network. If you know anyone who is running an older version, tell them to upgrade it ASAP
Bitcoin subreddit moderator Theymos remarked in a post.
For the time being, the plan seems to have worked. Over half of bitcoin’s mining hash rate has upgraded to the patched software version, meaning the attack can no longer be used, and developers are “unaware of any attempts to exploit this vulnerability,” the report states.
According to the report, the report about the denial-of-service bug was filed anonymously to top developers of Bitcoin Core and Bitcoin ABC, the main software implementation of bitcoin cash. About two hours later, Chaincode engineer and Bitcoin Core developer Matt Corallo realized the bug could have been exploited to print unlimited bitcoin.
One problem might have subsided for now, but another one has taken its roots in the minds of bitcoin users, whether it is possible the bug has already been exploited. Like how do the users know for sure that the vulnerability wasn’t exploited and someone in the cryptoverse is there with a bunch of fake bitcoins?
But to everyone’s relief Bitcoin Core contributor Pieter Wuille put this speculation to rest in his tweet.
Full nodes validate all of history to protect against this sort of issue.
If you start a new full node from scratch, it first downloads the whole historical blockchain, and verifies it. If this bug would have been exploited already, it would be noticed by any such new node.
— Pieter Wuille (@pwuille) September 21, 2018
However, this attack has shaken the bitcoin world, leaving everyone with the same unsure thoughts, what if the bug wasn’t caught on time? If it happened once, it can happen again, right? According to Theymos,
Even if the bug had been exploited to its full extent, the theoretical damage to stored funds would have been rolled back
Still, while Bitcoin Core, litecoin and several other coins that were based Bitcoin Core’s code have released a patch for the exploit, others have not – and might still be vulnerable to the inflation bug.