Yesterday, Bitcoin ABC have published an incident report which contains information about a critical vulnerability for Bitcoin Cash miners who are using Bitcoin-ABC 0.17.0. Whilst the vulnerability has now been removed, miners who have failed to run new updates could still be at risk and are therefore urged to update to Bitcoin-ABC 0.17.1 as soon as possible.
If you feel you may be affected by this, please view the full incident report, here- https://www.bitcoinabc.org/2018-05-07-incident-report/
According to the report:
“An attacker may construct a malicious transaction which would be accepted by Bitcoin-ABC 0.17.0 and mined into a block. This block would be rejected by all other versions of Bitcoin Cash compliant implementations. The malicious transaction would contain the bitflag of 0x20 set in the signature hash type. After analysis of the vulnerability and possible responses, Bitcoin-ABC developers prepared a patch for the vulnerability, and a private release, to distribute directly to mining pool operators. Due to the decentralized nature of the mining community it was not possible to reach everyone directly. This release was provided to verified Bitcoin Cash miners to forward to trusted miners once they had upgraded. We advise any Bitcoin ABC 0.17.0 users to upgrade to the latest version as soon as possible.”
Whilst it does seem that major mining pool operators should already have the update, some smaller, leisure miners so to speak may still be vulnerable to the attack, this is a drawback to decentralisation and the anonymous nature of cryptocurrencies, therefore, Bitcoin ABC are urging that this message is spread, in order to ensure that Bitcoin Cash miners are alerted as soon as possible.
Stories like this really do remind us that, as with any digital activity, cryptocurrency mining can be as risky as cryptocurrency trading. Mining comes with a colossal upfront expense, an expense that is of course at risk of escalating given that vulnerabilities such as this one can go undetected for such long periods of time.
The best way to stay safe?
Run updates, read product forums and keep up to date with the news. Once these stories break, it doesn’t take long before news outlets can make official statements and of course, it shouldn’t take long then for product manufacturers to start rolling out updates and releasing official advice.
Your rigs are as valuable as your assets, in fact in essence, they are an asset, so therefore, you should keep them safe. Again, if you believe you bay be affected by this vulnerability, further advice can be sought from the Bitcoin ABC website (https://www.bitcoinabc.org/), here, you will also find a link to access the new, and essential update.