26 Sep 2018

A major update has been done by the Bitcoin Core development team to patch the DDoS vulnerability in the underlying software that could prove fatal to the Bitcoin Network, which is usually known as the most hack-proof and secure blockchain.

The DDoS vulnerability which has been identified as CVE-2018-17144, was found in the Bitcoin Core wallet software, that can be exploited by anyone who could mine BTC to crash Bitcoin Core nodes running software versions 0.14.0 to 0.16.2

This vulnerability existed since March last year but no one has noticed the bug or was interested to exploit them.

The Bitcoin miners could bring down the entire blockchain either by overflooding the block with duplicate transactions, resulting in obstruction of transaction confirmation from other people or by flooding the nodes of the Bitcoin peer-to-peer network and over-utilizing the bandwidth.

The bitcoin core developers state that all recent versions of the BTC system have a chance of being vulnerable to the Distributed Denial of Service (DDoS) attacks even though attacking Bitcoin is expensive.

The DDoS attack on the BTC network would cost miners 12.5 bitcoins, which comes to around $80,000 (£60,000), in order to perform successfully.

The Bitcoin Core team has patched the vulnerability and are advising the miners to shut down their older versions and update with the latest Bitcoin Core 0.16.3 version at the earliest.

The vulnerability note reads, “A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible.”

Even though the team says that the miners who run Bitcoin Core occasionally are not in danger of such attacks, it would be advised to upgrade to the latest software version as soon as possible just to be on the safe side.

Besides DDoS vulnerability, the latest version also includes patches for a significant number of minor bugs, related to consensus, RPC and other APIs, invalid error flags, and documentation.

After upgrading to the latest version, the new wallet will have to redownload the entire blockchain.

Leave your thought