Critical vulnerability impacts Bitcoin Cash miners

Users of ABC mining software are being urged to update their builds immediately.

screen-shot-2018-05-08-at-11-05-20.jpg
File Photo

A critical vulnerability has been discovered in Bitcoin ABC software which has the potential to impact miners of the cryptocurrency.

On Monday, Bitcoin ABC said in a security advisory that a critical vulnerability has been found in Bitcoin ABC version 0.17.0 which has the potential to cause an unintended split in the Bitcoin Cash network.

In order to exploit the vulnerability, an attacker would need to construct a malicious transaction which could be accepted into Bitcoin ABC and consequently mined into a block.

Once this block has been established, the block would then reject all other versions of Bitcoin Cash compliant implementations.

"The malicious transaction would contain the bitflag of 0x20 set in the signature hash type," the company notes.

If exploited, the security flaw could force a split of BUCash and versions of Bitcoin-ABC prior to 0.17.0 from the majority Bitcoin Cash blockchain. It is not known how other nodes may be affected.

See also: Coinsecure, not so secure: Millions in cryptocurrency stolen, CSO blamed

The critical bug was reported directly to Bitcoin ABC on 26 April. However, as the flaw was reported anonymously, Bitcoin ABC is asking the researcher to come forward to receive a reward.

"Bitcoin ABC will be taking several actions in order to prevent such an event from occurring again, as well as reduce the overall response time in the case of emergent issues in the future," the company added. "Additionally, Bitcoin ABC is in discussions with industry participants to establish a formal bug bounty system."

Miners using Bitcoin ABC are urged to update to Bitcoin ABC version 0.17.1 immediately to prevent the exploit of the vulnerability.

Patches have already been distributed to the majority of mining pool operators.

Previous and related coverage

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All