Bitcoin flaw could have allowed dreaded 51% takeover

In the nick of time, the elders of Bitcoin have patched a security flaw that could have allowed an attacker to launch a much-feared “51% attack” on the world’s biggest virtual currency for as little as $80,000.

The scenario that might have led to this was always deeply hypothetical but the fact such a thing was even possible until this week has left some in the Bitcoin community feeling alarmed.

What’s the beef?

The flaw was in Bitcoin Core, the client software upon which the whole Bitcoin blockchain depends, but also affects at least one other important fork that uses the same codebase, Litecoin (LTC).

Details are sparse, but the full release notes for the patched version mention a denial-of-service vulnerability (CVE-2018-17144) that dates back to versions 0.14.0 that first appeared in March 2017, running through to 0.16.2 released earlier this year.

Says the summary:

It was discovered that older versions of Bitcoin Core will crash if they try to process a block containing a transaction that attempts to spend the same input twice.

In effect, an attacker could have created an invalid or ‘poisoned’ block by attempting to spend the same Bitcoins twice, which would have spread at high speed around almost the entire network of more than 9,000 Bitcoin Core nodes, causing them to crash.

The cost of doing this would mean losing the block containing the malformed transaction, equivalent to 12.5 Bitcoins with a current value of $80.000. With large numbers of nodes offline, the attacker might then potentially control enough of the miners remaining to control the network’s consensus mechanism – the so-called 51% attack.

Normally, this wouldn’t be possible – trying to spend the same coins twice should be rejected by consensus – but flaws this serious show how the rules can be subverted.

It’s reminiscent of an incident earlier this year that appeared to how another virtual currency, Verge, might be susceptible to the same 51% scenario.

The flaw has been patched in version 0.16.3 but questions remain about how such a simple flaw ended up in the Bitcoin Core 0.14.0 and remained undetected for so long.

It’s also stirred up a Reddit debate about whether a currency as large as Bitcoin should depend so heavily on one reference client, as well as the exposure of possibly dozens of small currency forks using the same codebase that will also need to be patched.

Tweeted respected cryptocurrency expert and Cornell University professor, Emin Gün Sirer:

To Bitcoin’s sceptics, this week’s incident will be seized upon as another example of the danger of resting a $100 billion platform on a lot of untested assumptions.