Unlimited Hashrate Increase as Remote Crash Bug Was Reported, Exploited and Fixed in Bitcoin Speed

A bug was recently discovered in Bitcoin Unlimited (BU), a competing Bitcoin node client, thus allowing a malicious user to crash nodes remotely. The bug was disclosed in an email on the morning of March 14, and later shared via social media.

Also Read: Do You Think They’ll Use the US Dollar on Mars?

Bug Leaked Over Social Media after Disclosure

“We were in the process of releasing when [bitcoin developer] Peter Todd took someone else’s exploit and irresponsibly tweeted,” says Bitcoin Unlimited lead developer Andrew Stone. He references a tweet sent March 14 by Mr. Todd, an applied cryptography consultant, who has coded for another Bitcoin node client; Bitcoin Core.

Mr. Stone adds: “We have committed a fix. It took five minutes. We just need to validate some inputs that nodes send us.”

After the BU bug went viral on Bitcoin social media, there was a massive drop in the number of nodes running the Bitcoin Unlimited software. As of 3:45 PM Pacific Standard Time, the number of BU nodes had decreased to levels not seen since autumn last year. Before the bug, BU node deployment had reached an all-time high. 

Emil Oldenburg, CTO at the Unlimited-capable pool.Bitcoin.com commented on the events as follows: “It did not affect anything, in fact, we even mined a block during the attack. Our nodes did crash, but they restart very fast.”

Bitcoin blockchain monitor site Coin.dance showed a continued strong support for the Bitcoin Unlimited client after fix had been released, with the Unlimited client hitting a new all time high, now responsible for more than 34% of the network’s total mining hashrate.

“Remote crashes is a common exploit in software in general,” says Mr. Stone, who doesn’t know how many remote crash CVEs there have been in Bitcoin’s history. What effect this will have long-term on Bitcoin Unlimited, he does not know.

“We will see,” he tells Bitcoin.com. “We are pushing images to miners right now, although many of them are using a variety of masking techniques to protect their infrastructure.”

Bitcoin Developments Efforts Splintered

Bitcoin developers have heretofore generally worked together in large groups on the Bitcoin project. For instance, recent updates to the dominant client ‘Bitcoin Core’ have featured the work of dozens of contributors. But, over time, efforts have seemingly splintered into competing open-source creation communities working around the modern Bitcoin protocol. As has become increasingly apparent in past months, there has been a breakdown in relationships between many developers.

Some also look to sabotage Bitcoin Unlimited, some feeling it is an attempt to hijack the Bitcoin network. “Running my fuzzer on the diffs BU have from Core, and have already some crashes. Hopefully some of them are exploitable,” an internet user using the handle ‘ciphera’ stated on Reddit. “Going to collect as many zero-days to release at the most opportune time possible.”

Another user stated: “I will personally exploit any flaw in [Bitcoin Unlimited] and not disclose.”

What do you think about the development process? Let us know in the comments below.


Images courtesy of Shutterstock, Coin Dance


Do you want to talk about bitcoin in a comfortable (and censorship-free) environment? Check out the Bitcoin.com Forums — all the big players in Bitcoin have posted there, and we welcome all opinions.

  • say NO to corporate Bitcoin Unlimited. – support core! stop drinking the koolaid from @Rogerkver

    • Pangur Bán

      Yea, because the people behind core serve no master…

    • Ricky Bickerton

      Who is funding core developers? As shaolinfry Makes his case about segwit needing to be activated soon due to the expense of funding core developers that needs to be recouped. So obviously the developers are getting funding from somewhere that needs to be paid back. Sort of like how US president elections work, positions borrow money for campaign and repay once they are in power, that also seems to be the case for blockstream/core and their BSB (bulls…..i mean BlockStreamBitcoin)

    • RobSa

      I’m saying no to long wait times and banking fees.

  • Roger Ver

    “It went like this:
    BU devs found a bug in the code, and the fix was committed on Github.
    Only about 1 hour later, Peter Todd sees that BU devs found this bug. (Peter Todd did not find this bug himself).
    Peter Todd posts this exploit on twitter, and all BU nodes immediately get attacked.
    r/bitcoin moderators, in coordination, then ban all mentions of the hotfix which was available almost right away.
    r/bitcoin then relentlessly slanders BU, using the bug found by the BU devs, as proof that they are incompetent. Only mentions of how bad BU is, are allowed to remain.
    What this really shows is how criminal r/bitcoin Core and mods are. They actively promoted an attack vector and then banned the fixes for it, using it as a platform for libel.”

    • Thanks for the clarifying from your perspective

    • Pete M.

      peter todd’s a punk! long live XRP

    • @rogerkver thanks for sharing your side.
      Do you think that this calls into question at all the integrity of the testing thus far on BU or would you argue that this was a normal dev issue? People are arguing that this was a QA failure from BU. Thoughts?

    • fjavierrsobrino

      “i was hacked” no you werent’ you advertised a network API that shuts the software down!
      Obviusly you don’t have any idea of what you’re doing.

      • Zyo

        > you advertised a network API that shuts the software down
        What are you talking about? If you do that to a bank or any government agency they will arrest you and file criminal charge… If you a lot a door unlock in your house doesn’t means you invited everyone in your house!

    • Erik

      At any rate, Peter Todd has shown his true colors !

      My question is this a type of person we want anywhere near bitcoin code ?!?

    • Gds

      False… as the attack has started 30 minutes after the commit. Todd has posted 1 hour after the commit.

    • Ricky Bickerton

      Mr. Ver, I would be extremely grateful if you could express your opinion on Bcoin, and it recent achievement. With bcoin now in the scaling debate until now, it is a fresh angle I think the entire community should be discussing and looking at.

  • Ricky Bickerton

    The best thing to come out of the scaling debate so far, is bcoin