Reporting Bugs in the Era of Cryptocurrencies

In an article published yesterday on Medium, Cory Fields shares his experience of disclosing a Bitcoin Cash vulnerability.

Cory Fields is a Bitcoin Core developer working for the Digital Currency Initiative at the MIT Media Lab, a group tasked with researching and developing cryptocurrencies.

Cory was examining some of the Bitcoin ABC (Bitcoin Cash client) software updates in the hope of finding bugfixes that might be relevant to Bitcoin Core. He noticed that some of the code responsible for verifying transactions had been rewritten. The new code did not include a critical check on the transaction signature type. This flaw could potentially have split the Bitcoin Cash chain into two incompatible chains, which could have caused damage measured in billions of dollars.

He decided to inform the Bitcoin Cash developers of the vulnerability, but then realized he had a problem. He could not disclose the information because, if someone exploited the bug the following day, all the arrows would point at Cory. There would be no way of proving that he had not been the attacker, for he had all the necessary knowledge at the time.

He had certain doubts as to why he should risk his safety: he had no obligation whatsoever to report anything. But all the doubts evaporated when he thought about how he would want such information to be brought to his attention, had ‘an equally nasty bug’ been discovered in Bitcoin Core.

After several failed attempts, Cory eventually found a way to send an encrypted message to the Bitcoin ABC developers. The bug was fixed on April 27, two days after Cory had reported it. The catastrophe was averted.

Cory’s take-away from this incident:

As cryptocurrency developers, it is necessary to take a step back now and then to re-evaluate the tools at our disposal, as well as the policies and procedures that we put into place. We may not be able to eliminate the threat of bugs like these, but we can learn from them and be better prepared to handle them in the future.

Cory Fields, Bitcoin Core developer

Read here for more on Cory’s responsible deed for the crypto community.
