Bitcoin ABC Patches Critical Vulnerability in Bitcoin Cash Mining Software

Journalist:
Josiah Wilmoth @Y3llowb1ackbird
May 8, 2018

Cryptocurrency development team Bitcoin ABC has released a patch to address a critical vulnerability in bitcoin cash mining software.

According to Bitcoin ABC’s incident report, the vulnerability would have allowed an attacker to initiate a split in the bitcoin cash network.

To accomplish this, the attacker would have constructed a malicious transaction that included the bitflag of “0x20” in the signature hash type. The transaction would have been accepted by Bitcoin-ABC 0.17.0 and mined into a block but rejected by all other bitcoin cash mining software — including previous versions of Bitcoin-ABC.
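How one undefined bit in the hash type byte can split validators, shown as an added example that is not taken from Bitcoin-ABC's code or its incident report. The lax `0x1f` mask is an assumption about how such a divergence can arise. The flag constants are the standard Bitcoin Cash hash type values, and the sample signatures are constructed.

```python
# Added illustration: not Bitcoin-ABC source code.
# Standard Bitcoin Cash signature hash type constants.
SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE = 0x01, 0x02, 0x03
SIGHASH_FORKID = 0x40
SIGHASH_ANYONECANPAY = 0x80
DEFINED_FLAGS = SIGHASH_FORKID | SIGHASH_ANYONECANPAY


def hashtype_of(sig: bytes) -> int:
    """The hash type is the single byte appended after the DER signature."""
    if not sig:
        raise ValueError("empty signature")
    return sig[-1]


def strict_is_defined(hashtype: int) -> bool:
    """Clear only the defined flag bits, then require a known base type.
    Any leftover bit (0x20, 0x10, ...) pushes the value outside 1..3."""
    base = hashtype & ~DEFINED_FLAGS & 0xFF
    return SIGHASH_ALL <= base <= SIGHASH_SINGLE


def lax_is_defined(hashtype: int) -> bool:
    """ASSUMED divergent check: reads the base type through a 0x1f mask,
    so bit 0x20 is never inspected."""
    base = hashtype & 0x1F
    return SIGHASH_ALL <= base <= SIGHASH_SINGLE


def find_divergent(sigs):
    """Return (index, hashtype) for signatures the two validators disagree on."""
    out = []
    for i, sig in enumerate(sigs):
        ht = hashtype_of(sig)
        if strict_is_defined(ht) != lax_is_defined(ht):
            out.append((i, ht))
    return out


# Constructed sample: a placeholder DER body (r=1, s=1) plus a hash type byte.
DER_PLACEHOLDER = bytes.fromhex("3006020101020101")
SAMPLE_SIGS = [DER_PLACEHOLDER + bytes([ht]) for ht in (0x41, 0xC1, 0x61, 0xE3, 0x44)]

if __name__ == "__main__":
    for idx, ht in find_divergent(SAMPLE_SIGS):
        print(f"signature {idx}: hash type {ht:#04x} splits the two validators")
```

Running the same differential comparison over real block data is a quick way to confirm that two node versions agree on every hash type byte before a release is deployed to miners.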

Bitcoin ABC was made aware of the vulnerability on April 26, and developers quietly distributed a patch to mining pool operators and “verified bitcoin cash miners” before disclosing the potential exploit to the general public.

From the statement:

“After analysis of the vulnerability and possible responses, Bitcoin-ABC developers prepared a patch for the vulnerability, and a private release, to distribute directly to mining pool operators. Due to the decentralized nature of the mining community it was not possible to reach everyone directly. This release was provided to verified Bitcoin Cash miners to forward to trusted miners once they had upgraded.”

That patch has now received a general release, so miners using Bitcoin-ABC 0.17.0 are advised to upgrade to Bitcoin-ABC 0.17.1, which closes the attack vector.

“Bitcoin ABC will be taking several actions in order to prevent such an event from occurring again, as well as reduce the overall response time in the case of emergent issues in the future,” the company promised in its statement. “Additionally, Bitcoin ABC is in discussions with industry participants to establish a formal bug bounty system.”

Notably, Bitcoin ABC said that they were alerted to the vulnerability by a “clear and professional” report from an anonymous tipster, to whom they intend to give a reward if he or she comes forward.
