
Topic: [2020-09-12] Researcher kept a Bitcoin bug secret for 2 years to prevent attacks (Read 224 times)

sr. member
Activity: 616
Merit: 253
It was the right decision. Of course, hackers would have found this bug, but at least it took them some time.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
I would assume they assume that protecting Bitcoin itself is enough of a bug bounty. If you find a gaping hole it's likely you own some and don't want it flying down the toilet.
legendary
Activity: 3010
Merit: 1460
@slaman29, @Kakmakr. Bug bounties have never existed in many open-source projects unless someone organizes this for them.

Also, agreed! Good question because what are the trying hard influencers in the B Foundation doing about this? They only want influence with no effort? I reckon organizing a bug bounty should be their job.
legendary
Activity: 2674
Merit: 1226
Is there some kind of reward for people to receive if they find vulnerabilities like this? Who would be funding such a reward, if it does exist? I know exchanges and wallet providers will offer a reward if someone finds an exploit in their code, but we know where they get their funds from.

Interesting question too. I know most blockchain projects have a bug bounty set aside from their own funds, but those are all centralized ones. I guess Bitcoin doesn't have it, maybe because it's just all these guys who are paid or volunteered to fix it on their own time. Probably why it takes 2 years to fix ;)
legendary
Activity: 3010
Merit: 1460
@Harlot. However, the title of the article is clickbait that implies something else. I am shaking my head on why many mainstream news outlets have the need to do something like this.
hero member
Activity: 1806
Merit: 672
This is very old news and the bug was fixed already. What is the writer of the article doing by putting this back on the surface again? I am skeptical, however, I do speculate that there are people behind this.

According to the article, this bug only re-emerged because the vulnerability that they had found in Bitcoin was also seen in another cryptocurrency named Decred, which I think is the reason why they have also revealed that they saw it in Bitcoin earlier, because Decred was based on an older version of the Bitcoin code. Other cryptocurrencies that are also based on Bitcoin's code are also vulnerable, and maybe that is why they came out with it, to make the developers able to handle the issue for their own respective projects.
legendary
Activity: 3010
Merit: 1460
This is very old news and the bug was fixed already. What is the writer of the article doing by putting this back on the surface again? I am skeptical, however, I do speculate that there are people behind this.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
A nice little litmus test of the competence and vigilance of the developers who are using the same basis for other coins. My bet is that hardly any of them will care or understand nor will their handful of users. There'll be shitcoins with gaping vulnerabilities that were long ago dealt with on the better run platforms.
legendary
Activity: 3542
Merit: 1965
Is there some kind of reward for people to receive if they find vulnerabilities like this? Who would be funding such a reward, if it does exist? I know exchanges and wallet providers will offer a reward if someone finds an exploit in their code, but we know where they get their funds from.

In any way, most people who have the knowledge to find these so-called "bugs" are invested in cryptocurrencies, so it is in their best interest to keep it a secret, because it will have a major influence on the value of their own hoard if the exploit is made public before it is patched.
legendary
Activity: 2142
Merit: 1065
✋(▀Ĺ̯ ▀-͠ )
In any case, over time, hackers would have found this vulnerability, I'm sure of it.
Fixing the bug quickly will prevent any harm for users keeping their software up to date. Using an old version is not recommended and always risky.
hero member
Activity: 1806
Merit: 672
I think they have done right in doing so. Vulnerabilities that haven't been resolved yet shouldn't be disclosed to anyone unless the vulnerability is related to users doing a certain action, like how older versions of Electrum are being controlled by hackers. By staying silent they are giving themselves time to fix the issue, not worsening the scenario where hackers might get the idea of using the vulnerability they described.
full member
Activity: 301
Merit: 100
In any case, over time, hackers would have found this vulnerability, I'm sure of it.
hv_
legendary
Activity: 2534
Merit: 1055
Clean Code and Scale
Some critical businesses (e.g. railway, ...) with very high standards have to wait up to 10y to be 'allowed' to use a new tech for the public to be settled - exactly for that reason.

All such forks (hard/soft) and alterations happening to bcore, bcash, eth, ... are just a nightmare / no-go for any enterprise business btw
legendary
Activity: 2310
Merit: 1422
In 2018, a security researcher discovered a major vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain, but after reporting the issue and having it patched, the researcher opted to keep details private in order to avoid hackers exploiting the issue.
Technical details were published earlier this week after the same vulnerability was independently discovered in another cryptocurrency, based on an older version of the Bitcoin code that hadn't received the patch.
https://www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks/