Cryptocurrency development team Bitcoin ABC has released a patch to address a critical vulnerability in bitcoin cash mining software.
According to Bitcoin ABC’s incident report, the vulnerability would have allowed an attacker to initiate a split in the bitcoin cash network.
To accomplish this, the attacker would have constructed a malicious transaction that included the bitflag of “0x20” in the signature hash type. The transaction would have been accepted by Bitcoin-ABC 0.17.0 and mined into a block but rejected by all other bitcoin cash mining software — including previous versions of Bitcoin-ABC.
Bitcoin ABC was made aware of the vulnerability on April 26, and developers quietly distributed a patch to mining pool operators and “verified bitcoin cash miners” before disclosing the potential exploit to the general public.
From the statement:
“After analysis of the vulnerability and possible responses, Bitcoin-ABC developers prepared a patch for the vulnerability, and a private release, to distribute directly to mining pool operators. Due to the decentralized nature of the mining community it was not possible to reach everyone directly. This release was provided to verified Bitcoin Cash miners to forward to trusted miners once they had upgraded.”
That patch has now received a general release, so miners using Bitcoin-ABC 0.17.0 are advised to upgrade to Bitcoin-ABC 0.17.1, which closes the attack vector.
“Bitcoin ABC will be taking several actions in order to prevent such an event from occurring again, as well as reduce the overall response time in the case of emergent issues in the future,” the company promised in its statement. “Additionally, Bitcoin ABC is in discussions with industry participants to establish a formal bug bounty system.”
Notably, Bitcoin ABC said that they were alerted to the vulnerability by a “clear and professional” report from an anonymous tipster, to whom they intend to give a reward if he or she comes forward.
Featured image from Shutterstock.
Last modified: May 20, 2020 8:49 PM UTC