Remote Crash Bug Disclosed, Manipulated and Fixed Increased the Unlimited Hashrate

Remote Crash Bug

Recognized just recently in Bitcoin Unlimited (BU), a bug which is a challenging Bitcoin node client, allowed a vicious user to destroy nodes remotely. It was on morning of the 14th day of March when it was revealed in an email and was later spread in the social media.

Bug Disclosure Spread Over Social Media

The main developer of Bitcoin Unlimited, Andrew Stone shared that they were on the verge of releasing when Peter Todd (a bitcoin developer) took another person’s exploit and tweeted irresponsibly. He was talking about the March 14th tweet sent by Mr. Todd, a consultant of applied cryptography, who coded Bitcoin Core which is another known Bitcoin node client.

Mr. Stone added that they have promised a fix that only took them five minutes. A validation to some inputs sent by nodes was just needed.

The moment the BU bug circulated quickly on social media of Bitcoin, a huge decline happened in some of the nodes running their software. A decline in the amount of BU nodes to a level far seen since autumn 2016 happened around 3:45 PM PST. BU node deployment attained an all-time high before that bug happened.

Remote Crash Bug

According to a CTO named Emil Oldenburg at Unlimited-capable pool who commented on the event saying that there were no effects for them. He added that they were even able to mine a block while there was an attack. Their nodes crashed though but it restarted just quickly.

Coin.dance, a monitoring website of Bitcoin blockchain remained supportive for the clients of Bitcoin Unlimited by the time the fix was released, surpassing the Unlimited client’s all-time high now hitting a new one which is now accountable for the thirty-four percent and more of the total mining hashrate of the network.

Mr. Stone explained that remote crashes is generally an ordinary software exploit. But talking about the the Bitcoin’s history of the number of remote crash CVEs that happened, he said he has no idea.

Telling Bitcoin, “we will see”, he added that they are trying to push images right now for miners even though a lot of them use a variety of hiding techniques which safeguards their infrastructure.

Efforts of Bitcoin Developers Splintered

The developers of bitcoin have previously collaborated together in big groups to work on the project. An example for this is the updates recently to ‘Bitcoin Core’ which is a dominant client that displayed the work of a lot of contributors.

However, as the time passed, efforts lessened into a competition in the creation of open-source communities that works around the new Bitcoin protocol. This event has become more apparent in the previous months, which resulted to breakdown affecting the relationship of many developers.

There are people who aim to sabotage BU, some thinks that it is a pursuit to seize control of the Bitcoin network. One internet enthusiast who uses the ‘ciphera’ handle said on Reddit that running the fuzzer on the diffs Bitcoin Unlimited have from Core, which already have sore crashes. He was hoping that some of that are exploitable. He added that he is planning to gather many zero-days in order to deliver at the most possible time possible.

One more user said that he will personally take advantage of any flaw in BU and not tell anyone.

Another user stated: “I will personally exploit any flaw in [Bitcoin Unlimited] and not disclose.”

Written by Melvin Draupnir on March 23, 2017.