Slashdot Mirror


Crippling DDoS Vulnerability Put the Entire Bitcoin Market At Risk (thenextweb.com)

A major flaw was spotted in the Bitcoin network that could have allowed miners to bring down the entire blockchain by flooding full node operators with traffic, via a Distributed Denial-of-Service (DDoS) attack. "A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2," the patch notes state. "It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible." The Next Web reports: Developers have issued a patch for anyone running nodes, along with an appeal to update the software immediately. As far as the attack vector in question goes, there's a catch: anyone ballsy enough to try to bring down Bitcoin would have to sacrifice almost $80,000 worth of Bitcoin in order to do it. The bug relates to its consensus code. It meant that some miners had the option to send transaction data twice, causing the Bitcoin network to crash when attempting to validate them. As such invalid blocks need to be mined anyway, only those willing to disregard block reward of 12.5BTC ($80,000) could actually do any real damage.

37 comments

  1. Geeks and fairy tales by Anonymous Coward · · Score: 0

    Bitcoin ....Tesla....

    Just read the business news. Another Tesla executive is jumping ship.

    It's like Enron all over again.

  2. Bitcoin has no legitimate use by Anonymous Coward · · Score: 0

    is what put it at risk

    1. Re:Bitcoin has no legitimate use by Bobrick · · Score: 1

      Aren't you a bit too young to be using a computer?

    2. Re:Bitcoin has no legitimate use by Anonymous Coward · · Score: 0

      His mom has a legitimate use as a cock holster...

    3. Re:Bitcoin has no legitimate use by Anonymous Coward · · Score: 0

      What's a computer?

  3. Yet more proof by Actually, I do RTFA · · Score: 1

    That the NSA, CIA, FSB, Chinese Intelligence, and MI6 don't give a shit about blockchain, it's not something that governments really care about, etc.

    --
    Your ad here. Ask me how!
  4. Hey, efficiency! by Mal-2 · · Score: 1

    Instead of paying Bitcoins to get your data back after a ransomware attack, now you can just cut out the middleman and let hackers steal all the Bitcoin directly.

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  5. Truth by duke_cheetah2003 · · Score: 3, Interesting

    Can we please just change the name of Bitcoin to CrimeCoin already? That's the only thing it's good for.

    1. Re:Truth by Anonymous Coward · · Score: 0, Informative

      Can we please just change the name of Bitcoin to CrimeCoin already? That's the only thing it's good for.

      Exactly. We could eliminate all but four coins, and use different ones for different specific purposes:
      - Drug Coin
      - Child Porn Coin
      - Money Laundering Coin
      - Ransomware Coin

    2. Re:Truth by Anonymous Coward · · Score: 0

      don't forget hired hitcoin!

    3. Re: Truth by Anonymous Coward · · Score: 0

      You're no longer useful, gramps.

    4. Re:Truth by nohup · · Score: 3, Informative

      What? That doesn't make any sense. The US Dollar is far better for crime and used a lot more than Bitcoin for crime. Bitcoin is trivially traceable and hard to spend unlike the dollar.

      Bitcoin has a lot of valid legitimate uses, such as cheap cross border payments, a hedge against inflation for countries like Venezuela and Argentina, a means of people without established banking sectors to transact, etc. It's also very useful in cases where there is risk of counter-party payment reversals in traditional systems, which lowers fees for such use cases. Another great potential future use is very small micropayments, possible future implementation for API calls without having to set up complex infrastructure and again, cross-border in countries where traditional banking systems don't operate or use different currencies. One novel current use where traditional systems fail is in rapidly purchasing a LARGE amount of anti-DOS capability in a hurry without counterparty risk. There are many new and novel uses. Here's one other small example: https://cointelegraph.com/news...

    5. Re:Truth by Tony Isaac · · Score: 1

      OK, so you're calling Venezuela's "cryptocurrency" (which never existed) a legitimate use?

      If you're worried about payment reversals, you probably ARE doing something criminal, or at least shady. Try doing business with established, reputable businesses!

      No. None of your suggested "legitimate" uses are better served by Bitcoin than by traditional currency.

    6. Re: Truth by p91paul · · Score: 1

      Nowadays Bitcoin is only useful for speculation. It cannot be used for small payments because of the high transaction fees, and its value is too volatile...not to mention the energy cost associated with it.

    7. Re: Truth by Notabadguy · · Score: 2

      Nowadays Bitcoin is only useful for speculation. It cannot be used for small payments because of the high transaction fees, and its value is too volatile...not to mention the energy cost associated with it.

      That was true in November and December 2017, but you're rehashing peak from a year ago.

      These days, transaction fees are pennies and timing is less than 30 minutes.

      Also, the primary use of bitcoin around the non-darknet internet is for gambling and sports betting sites. Casinos that accept bitcoin instead of fiat currency. There are only a couple of states in the US with legal gambling, and I can't drive 20 hours on a whim to get to one of them. The US Treasury Department cracks down as hard as it can on any payment processing with fiat currency, and the payment processors obey.

      Last month, I had a check from one of the most reputable online casinos 'bounce' because my bank couldn't cash it - because OFAC (Office of Foreign Asset Control) has the account tied to terrorism. You know, because gambling.

      There are many sports betters out there, or casino gamblers without access to a casino - and none of those casinos are in the US. Bitcoin circumvents payment processor fees, currency exchange fees, and fees for fiat-based wire transfers or checks.

    8. Re: Truth by Tony Isaac · · Score: 1

      Micro-transactions, as suggested by nohup above, would be dwarfed by the transaction fees of "only pennies." How does that make Bitcoin a viable option for micro-transactions?

    9. Re: Truth by Tony Isaac · · Score: 1

      Bitcoin may be king, but that's not what Venezuela went with. They made up their own "cryptocurrency" based on future oil revenues.

    10. Re:Truth by ArchieBunker · · Score: 1

      You know bitcoin is not anonymous right?

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    11. Re: Truth by Anonymous Coward · · Score: 0

      Venezuela's own crypto (the petro) is trash and no one wants to use it. It's not even really backed by oil, it's sad. Their government has lost the mandate of heaven, why would anyone trust their monopoly money? What people there really use is Nano (and Bitcoin).

    12. Re:Truth by nohup · · Score: 1

      No, I'm saying that Bitcoin in some ways is better than the Venezuelan Bolivar, not their cryptocurrency project.

      There are plenty of uses that are better served by Bitcoin or cryptocurrencies, or can be with wide adoption and further development of the field.

    13. Re: Truth by nohup · · Score: 1

      Look into lightning network, or other technologies like payment channels. That can reduce transaction fees from "only pennies" to "fractions of a penny"

    14. Re: Truth by nohup · · Score: 1

      Just because their government tried to mandate something doesn't mean "venezuela" decided. The people on the ground don't want the government cryptocurrency.

    15. Re:Truth by duke_cheetah2003 · · Score: 1

      Bitcoin has a lot of valid legitimate uses,

      It's laughable the defenses I hear when I call Bitcoin what it is.

      It's very similar to the defenses of BitTorrent. Oh sure, it's cool, it's useful, lots of great stuff you can do with it. I can defend BitTorrent all day, it's fantastic really.

      But that doesn't change anything about what BitTorrent is actually used for, like 99%-1%... it's used for software piracy.

  6. Sweet! by Anonymous Coward · · Score: 0

    High time that these shylocks get their comeuppance.

  7. First exploit requiring cash? by Anonymous Coward · · Score: 0

    Is this the first exploit/hack that requires the user to specifically spend/throw away a significant amount of cash as a core part of the exploit?

  8. Verb or adjective by Anonymous Coward · · Score: 0

    "A crippling ..."
    or
    "Crippling the ..."

  9. $82,500? by stinerman · · Score: 2

    Sure it might be $82,500 at time of publishing but later today it'll be $60,000, making the attack more likely. Of course, tomorrow it'll be $120,000, which makes the attack less likely.

    1. Re:$82,500? by Anonymous Coward · · Score: 0

      That's still in rounding error territory for a government.

  10. Is the fad wearing thin yet? by OneHundredAndTen · · Score: 1

    Many claim that cryptocurrency and blockchain are here to stay. I am beginning to wonder...

  11. LOL....80k is nothing... by Anonymous Coward · · Score: 0

    "anyone ballsy enough to try to bring down Bitcoin would have to sacrifice almost $80,000 worth of Bitcoin in order to do it"

    Considering that someone wanting to do such a thing likely has bitcoin they got from malware, viruses, theft, hacking, etc.

  12. Stupid by sexconker · · Score: 1

    This wouldn't harm Bitcoin at all. It would just affect DDoS individual nodes until they patched. No lasting impact on the network.

    1. Re:Stupid by Anonymous Coward · · Score: 0

      Ya but reality doesn't often make for a good news story.

  13. Compared to ... by micahraleigh · · Score: 0

    I'll bet there's nothing the FED could ever do to cripple the dollar market.

    Other than, you know QE1 ... QE2 ... Volkerfest interest rate explosions ...