A vulnerability in the Bitcoin network - which has now been fixed - could have led to the shutdown of the entire node system. Fortunately, hackers never took advantage of that mistake.
Two Bitcoin engineers have discovered several vulnerabilities that could shut down the Bitcoin blockchain - two years after they thought they had patched the problem.
Bitcoin engineers Braydon Fuller and Javed Khan fixed a vulnerability, called INVDoS, on the Bitcoin blockchain in 2018, but this week they published a research paper detailing how they found it in a number of other iterations of the blockchain: Btcd and Decred.
The attack works like this: one hostile blockchain node - a member of a blockchain network that validates transactions - overwhelms another by sending unwanted calls calling for non-existent transactions.
As a result, the node would become "oversaturated" and its memory would "grow endlessly," the researchers wrote. "This will crash the process and potentially freeze the process and the computer until the process is complete."
Engineers said in the report that the vulnerability, known as a "denial of service" attack, was "easily exploited" by hackers and could be used to break down an entire network of bitcoin nodes. This could lead to delays in processing transactions, which in turn would cause “loss of funds or revenue,” the report said.
In June 2020, Khan noticed that the old attack was applied to Btcd, an alternative bitcoin blockchain node that does not allow its users to send or receive payments. A month later, Khan discovered a vulnerability in another blockchain network, Decred.
Khan, along with other blockchain engineers, introduced vulnerability fixes in late August. Fortunately, “there was no known exploitation of this vulnerability in the wild,” Fuller and Khan wrote in the report.
In fact, such a network shutdown has not happened in years. “For the Bitcoin network, there were only two vulnerabilities that led to such downtime events, and there have been none since 2013,” the report notes.
Still, the vulnerability is quite high - at least in its potential. In 2018, more than 50% of “publicly advertised bitcoin nodes with incoming traffic and probably most miners and exchanges” had vulnerabilities and were at risk of attack, the report said.
Litecoin and the Namecoin blockchain were also at risk, the report added. Although the report adds that it is unlikely that the vulnerability could have helped hackers steal Bitcoin, funds from the Lightning Network - a protocol for faster processing of Bitcoin transactions - could be in jeopardy.
Miners and stock exchanges running older versions of Bitcoin software may still be in danger, but most people use nodes.
The good thing is that the engineers discovered the error before the hackers otherwise it would have been a big problem and people could have lost their coins.