Bitcoin
$3,267.47 -1.49%
BCH · 18w

Consider this a lesson learned for the community: Not only to be careful with code changes, but to make sure there are easy ways for bugs to be reported. Full story of the potentially dangerous vulnerability found in Bitcoin Cash software, fixed before anything bad happened.

Responsible disclosure in the era of cryptocurrencies My experience disclosing a critical Bitcoin Cash vulnerability

On April 25, 2018, I anonymously and privately disclosed a critical vulnerability in Bitcoin Cash, one of the world’s most valuable cryptocurrencies — not to be confused with Bitcoin. A successful exploit of this vulnerability could have been so disruptive that transacting Bitcoin Cash safely would no longer be possible, completely undermining the utility (and thus the value) of the currency itself. Instead, the vulnerability was fixed without incident, and publicly disclosed on May 7, 2018.

A quick clarification: Bitcoin Cash is a cryptocurrency that is distinct from and incompatible with Bitcoin. It is named as such because it is derived from Bitcoin. The now-fixed bug described below only affected Bitcoin Cash; the only relation to Bitcoin is the similar name.

As for me and my motivations, I work for the Digital Currency Initiative at the MIT Media Lab, which as the name implies, is a group tasked with researching and developing cryptocurrencies. Specifically, I help develop and maintain Bitcoin Core, Bitcoin’s primary software implementation. Because of that work, I’m often asked at conferences and workshops what I consider to be Bitcoin’s greatest challenge in the future. My answer is always the same: avoiding catastrophic software bugs.

Working through this bug, which certainly had the potential for catastrophe, has reaffirmed my belief that the threat of software bugs is severely underestimated in the cryptocurrency world. I’m presenting a detailed report of this incident not as a slight against Bitcoin Cash, but as a real-world example of how much work is still required to reach the sophisticated level of engineering that cryptocurrencies require, and as a wake-up call to companies who have not adequately prepared for this type of scenario.

SIGHASH_BUG

In short, a portion of the transaction signature verif...

Continue on medium.com
Recent news
BTC -1.49% · localcoin.ca · 10h

Localcoin Expands to Nova Scotia and New Brunswick!

Localcoin is now in the Maritime Localcoin, Canada’s largest Bitcoin ATM network, has expanded to Nova Scotia and New Brunswick. With the placement of 9 machines in key population centres, residents o...
BTC -1.49% · twitter.com · 11h

BTCPay merchants can now easily convert to fiat!

Awesome! @blockonomics_co provides auto-forwarding service to static address.It is one less step to sell to fiat.Just one question @blockonomics_co why are you using P2PKH over P2SH-P2WSH ?https://t.c...
BTC -1.49% · streamable.com · 11h

Bitcoin Vets Right Now

Check out this video on Streamable using your phone, tablet or desktop.
BTC -1.49% · medium.com · 12h

The EVM is Fundamentally Unsafe

Over the past three years of smart contract development, the cryptocurrency community has seen smart contracts written in Solidity subverted by a variety of bugs and exploits (the DAO exploit, the…
BTC -1.49% · youtu.be · 14h

Saifedean Ammous on Bitcoin hype.

It turns out the best book on Bitcoin was written by someone who thinks the cryptocurrency is not a particularly good form of payment, not particularly anony...
BTC -1.49% · whatbitcoindid.com · 15h

Alex Gladstein on Why Bitcoin Matters for Freedom

In this episode, I talk with Alex Gladstein, Chief Strategy Officer at The Human Rights Foundation. We discuss how Bitcoin and cryptocurrencies increase freedom under authoritarian regimes and how...