The disclosure raises the question of whether state-sponsored or organized hackers, had they known about the Bitcoin software bugs, would have succeeded in exploiting them to threaten what was thought to be an impregnable blockchain network.
In a discovery that is likely to alarm mainstream folks, Bitcoin Core developers on Thursday said they've discovered - and fixed - software vulnerabilities in Bitcoin (BTC) that could have resulted in the minting of new but unauthorized bitcoins. An inflation attack would have flooded the cryptocurrency market with bogus BTCs but more importantly undermined the faith the world has placed in what is designed to be trustless digital gold.
Members of the open source project announced on their website that the vulnerabilities had been present since version 0.14 but they kept them a secret to prevent scammers from exploiting a technical loophole in double-spend transactions. (That seems like a centralized decision, not unlike one a central bank or government would make.) Version 0.15 is the updated version free of the software bugs.
Bitcoin Core's developers discovered the bugs this past week and have since fixed them, according to bitcoincore.org. Along with the possibility of an inflation attack, the updated versions reduce or eliminate the possibility of a denial-of-service (DoS) attack. The DoS flaw had the potential to disrupt the network by impairing some of Bitcoin's decentralized, blockchain-powered mining nodes.
Members of the open source community, some of whom chose to stay anonymous, found the flaws and reported them to developers. Their explanations are highly technical, but the implications are just as serious.
"CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability," per developers' statement on Sept. 20. "It was originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited on September 17th as a Denial of Service bug only, however we quickly determined that the issue was also an inflation vulnerability with the same root cause and fix."
Many crypto investors view Bitcoin as the flagship coin of the $225 billion cryptocurrency market with BTC holding 51% market share. It's viewed as digital gold because of the immense computing power and electricity needed to mine new bitcoins as well as the promise that there will only be a maximum of 21 million bitcoins ever minted. The perception that Bitcoin is near-perfect in design is crucial for increasing adoption.
An inflation attack that floods the market with millions of unauthorized bitcoins would be devastating. That's because BTC caters to libertarian-leaning individuals who have lost faith in central banks for devaluing sovereign currencies and who have lost faith in governments for mismanaging monetary systems. A successful hack would have undermined people's faith in Bitcoin with the likely result of a huge dip in valuation and investor confidence.
Bitcoin's price rose to $6,700 over the weekend.
Developers explained the double-spend vulnerability in Thursday's post. "If the output being double-spent was created in a previous block, an entry will still remain in the CCoin map with the DIRTY flag set and having been marked as spent, resulting in no such assertion. This could allow a miner to inflate the supply of Bitcoin as they would be then able to claim the value being spent twice."
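The role of a duplicate-spend check, shown with a simplified model (an added example, not Bitcoin Core's code and not part of the original article). It assumes the double-spend takes the form of one transaction naming the same previous output twice; all types, function names and values are constructed for illustration.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <utility>
#include <vector>

// Toy model (constructed): an outpoint is (txid, output index).
using OutPoint = std::pair<uint32_t, uint32_t>;
using UtxoSet = std::map<OutPoint, int64_t>;  // unspent output -> value

struct Tx {
    std::vector<OutPoint> inputs;
    int64_t output_total;  // sum of the values this transaction creates
};

// Returns the fee (>= 0) if the transaction is accepted, -1 if rejected.
// With check_duplicates == false the validator only looks each input up in
// the UTXO set, so an outpoint listed twice has its value counted twice.
int64_t validate(const UtxoSet& utxos, const Tx& tx, bool check_duplicates) {
    std::set<OutPoint> seen;
    int64_t input_total = 0;
    for (const OutPoint& in : tx.inputs) {
        // Hardened path: reject the same output appearing twice in one tx.
        if (check_duplicates && !seen.insert(in).second)
            return -1;
        UtxoSet::const_iterator it = utxos.find(in);
        if (it == utxos.end())
            return -1;  // output missing or already spent
        input_total += it->second;
    }
    if (tx.output_total > input_total)
        return -1;  // would create value from nothing
    return input_total - tx.output_total;
}

// Constructed sample data: a single 50-unit output, a transaction that names
// it twice while creating 100 units, and an ordinary spend of the same output.
UtxoSet sample_utxos() { return UtxoSet{{OutPoint(1, 0), 50}}; }
Tx duplicate_spend() { return Tx{{OutPoint(1, 0), OutPoint(1, 0)}, 100}; }
Tx honest_spend() { return Tx{{OutPoint(1, 0)}, 50}; }
```

Without the check, the model accepts 100 units of outputs backed by a single 50-unit output, which is the inflation effect the developers describe; with it, the transaction is rejected before any value is summed.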