It turns out that a bug in the Bitcoin network, discovered in 2018 and later corrected, could have shut down all node systems. Fortunately, no hacker was able to take advantage of this loophole.
Two Bitcoin engineers discovered that a few issues they thought they were fixing could have shut down blockchains altogether. The engineers realized this two years after the problems had been fixed.
As originally reported by ZDNet, Bitcoin engineers Braydon Fuller and Javed Khan fixed the INVDoS vulnerability in the Bitcoin blockchain in 2018. This week, two years later, they published a research paper detailing how they found the bug in many blockchain iterations.
The attack works as follows: an attacker node confirms transactions in the blockchain network, sending other nodes calls that contain non-existent transactions and filling them up. The engineers state that this puts an excessive load on the nodes, exhausting their capacity:
“This will crash the process and freeze the computer. The computer will remain like this until the process is completed.”
The engineers said in the report that the vulnerability, a type of “denial of service” (DoS) attack, could be easily exploited by hackers and turned into an opportunity to crash the network of all Bitcoin nodes.
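One way a node can keep a flood like this from exhausting its memory is to cap the state it holds for each peer. The Go code below is an added example, not code from the report, Bitcoin Core or Btcd; it assumes the load comes from tracking transactions that a peer has announced but never delivered, and `TxID`, `PendingInv` and `Flood` are hypothetical names.

```go
package main

import (
	"container/list"
	"encoding/binary"
	"fmt"
)

type TxID [32]byte // stands in for a transaction hash (assumed type)

// PendingInv holds what one peer has announced but not delivered, up to a hard cap.
type PendingInv struct {
	max     int
	order   *list.List    // oldest announcement at the front
	index   map[TxID]bool // duplicate check
	Evicted int           // announcements dropped to honour the cap
}

func NewPendingInv(max int) *PendingInv {
	return &PendingInv{max: max, order: list.New(), index: make(map[TxID]bool)}
}

// Announce records an announced id; it returns false for a duplicate.
func (p *PendingInv) Announce(id TxID) bool {
	if p.index[id] {
		return false
	}
	if p.order.Len() >= p.max { // at the cap: forget the oldest entry first
		delete(p.index, p.order.Remove(p.order.Front()).(TxID))
		p.Evicted++
	}
	p.order.PushBack(id)
	p.index[id] = true
	return true
}

// Flood announces n constructed ids that never arrive and returns how many are still tracked.
func Flood(p *PendingInv, n int) int {
	for i := 0; i < n; i++ {
		var id TxID
		binary.BigEndian.PutUint64(id[:8], uint64(i))
		p.Announce(id)
	}
	return p.order.Len()
}

func main() {
	fmt.Println(Flood(NewPendingInv(1000), 1000000)) // tracked entries stay at the cap
}
```

Without the cap, the tracked set would grow with every announcement the peer sends; with it, memory per peer is fixed and `Evicted` gives a counter that monitoring can alert on.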
In June 2020, Khan realized that the old attack also applied to Btcd, an alternative Bitcoin blockchain node that does not allow its users to send or receive payments. A month later, he discovered a vulnerability in another blockchain network called Decred. Khan fixed the vulnerabilities in August together with other blockchain engineers, and the engineers later stated that there are no known issues at this time.
In fact, it has been years since a network shut down in this way. The report states that only two vulnerabilities in the Bitcoin network have caused such interruptions, and none have been found since 2013.
On the other hand, the vulnerability is still a large one, at least potentially. The report stated that in 2018, more than 50 percent of Bitcoin nodes with incoming traffic, and possibly the majority of miners and exchanges, were vulnerable and at risk of attack.
“Lightning Network funds may be at risk”
At that time, the Litecoin and Namecoin blockchains were also at risk. The report states that the vulnerability cannot help hackers steal Bitcoin, but that funds from the Lightning Network, a protocol that enables faster Bitcoin transactions, may be at risk.
“Be sure to update to be protected”
The developers point out that miners and exchanges running older versions of Bitcoin software may still be at risk, but most people running nodes will already have the most up-to-date software:
“You are probably already protected. Otherwise, be sure to update.”