Cryptheory – Just Crypto

Bitcoin Developers Disclose Vulnerability That Has Been Fixed

A vulnerability affecting earlier versions of Bitcoin Core—the open-source software that powers Bitcoin—was disclosed by Core contributor and developer Andrew Chow on Monday. The issue, which has since been fixed, is known to other Bitcoin developers and commonly affects web browsers, but it did not cause any disruption.

In a tweet, Chow said that the vulnerability was present in Bitcoin Core 0.18 and earlier, but has been fixed since the 0.19 version. For reference, Bitcoin currently runs on the 0.21.0 version.

But despite the warning, Chow said the attack was not likely to cause damage. “With the mitigations present in modern browsers and Linux desktop environments, I do not believe that this vulnerability can actually be exploited,” he said.

Chow added, “However if it could be exploited, it could lead to an RCE (i.e. malicious code being executed on the victim’s computer).”

Attack breakdown

The attack revolved around three technical aspects: a URI (short for Uniform Resource Identifier), an identifier used by computers to identify real-world and digital objects; Qt5, a free framework for creating graphical interfaces; and, lastly, the way these two are handled on a computer.

Chow said that, since URI injections—the specific term for the nature of the vulnerability—are a known issue, software developers (Bitcoin developers in this case) know how to steer clear of them.

In simple terms, this means that developers can usually, and easily, reject any flagged information sent by URIs and so prevent attacks. However, the problem lay with Qt5, the graphical interface software, which did not recognize faulty URIs and could have allowed unwanted arguments (pieces of data passed to a program) to pass through.
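The kind of check a URI handler can apply before the string reaches a GUI toolkit's argument parser, as an added example (not Bitcoin Core's code and not its actual fix). The function names, the 2048-byte limit, the program name and the sample URIs are assumptions constructed for illustration.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Scheme this (hypothetical) handler is registered for.
static const std::string kScheme = "bitcoin:";

// True only if the string handed over by the browser or desktop is a single
// payment URI with nothing in it that could be split off and parsed as a
// command-line option by the application or its GUI toolkit.
bool is_safe_payment_uri(const std::string& raw) {
    // Must carry something after the scheme; the upper bound is an assumed limit.
    if (raw.size() <= kScheme.size() || raw.size() > 2048) return false;
    // Case-insensitive scheme match; this also rejects anything starting with '-'.
    for (std::size_t i = 0; i < kScheme.size(); ++i) {
        if (std::tolower(static_cast<unsigned char>(raw[i])) != kScheme[i]) return false;
    }
    // Whitespace, control characters, quotes and backslashes are how one
    // "URI" turns into several arguments on a command line.
    for (unsigned char c : raw) {
        if (c <= 0x20 || c == 0x7f) return false;
        if (c == '"' || c == '\'' || c == '\\' || c == '`') return false;
    }
    return true;
}

struct Launch {
    bool ok;                        // false: refuse to start the application
    std::vector<std::string> argv;  // program name followed by the one URI
};

// A URI handler should receive exactly one argument: the URI itself.
// Anything extra, or anything that fails validation, is refused outright
// rather than being forwarded for the GUI toolkit to interpret.
Launch build_handler_argv(const std::string& program,
                          const std::vector<std::string>& handed_over) {
    if (handed_over.size() != 1 || !is_safe_payment_uri(handed_over[0])) {
        return {false, {}};
    }
    return {true, {program, handed_over[0]}};
}
```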

In theory, such a vulnerability lets illicit code send false data or instructions to a computer and install a malicious plugin. This can then cause the user’s system to malfunction and/or enable other forms of cybercrime, such as data theft.

Fortunately, most web browsers already have built-in systems to avoid such attacks and to flag unwanted arguments before they go through. This means that while the vulnerability was present, it was hard to exploit, with Chow stating that it could even be impossible to actually cause harm.

Meanwhile, the vulnerability was one of the first such instances on Bitcoin Core. And it’s worth repeating: Bitcoin itself remains unharmed—the vulnerability was present in past versions of the software and could theoretically affect user devices, not the protocol itself.
