Topic: [2020-09-12]Researcher kept a Bitcoin bug secret for 2 years to prevent attacks (Read 199 times)
September 30, 2020, 11:23:42 AM
It was the right decision. Of course, hackers would have found this bug, but at least it took them some time.
September 30, 2020, 05:54:35 AM
I would assume they assume that protecting Bitcoin itself is enough of a bug bounty. If you find a gaping hole it's likely you own some and don't want it flying down the toilet.
September 28, 2020, 08:48:51 PM
@slaman29, @Kakmakr. Bug bounties have never existed in many opensource projects unless someone organizes this for them.
Also, agreed! Good question because what are the trying hard influencers in the B Foundation doing about this? They only want influence with no effort? I reckon organizing a bug bounty should be their job.
Also, agreed! Good question because what are the trying hard influencers in the B Foundation doing about this? They only want influence with no effort? I reckon organizing a bug bounty should be their job.
September 28, 2020, 06:03:36 AM
Is there some kind of reward for people to receive if they find vulnerabilities like this? Who would be funding such a reward, if it does exist? I know exchanges and wallet providers will offer a reward, if someone finds an exploit in their code, but we know where they get there funds from. 
Interesting question too. I know most blockchain projects have a bug bounty set aside from their own funds but those are all centralized ones. I guess Bitcoin doesn't have it maybe because it's just all these guys who are paid or volunteered to fix it at their own time. Probably why it takes 2 years to fix;)
September 27, 2020, 10:21:59 PM
@Harlot. However, the title of the article is clickbait that implies something else. I am shaking my head on why many mainstream news outlets have the need to do something like this.
September 27, 2020, 04:07:12 PM
This is very old news and the bug was fixed already. What is the writer of the article doing by putting this back on the surface again? I am skeptical, however, I do speculate that there are people behind this.
According to the article this bug only re-emerge because the vulnerability that the had found on Bitcoin was also seen on another cryptocurrency named Decred which I think is the reason why they also have revealed that they saw it on Bitcoin earlier because Decred was based on an older version of the Bitcoin code. Other cryptocurrencies that are also based on Bitcoin's code are also vulnerable and maybe that is why they came out of it to make the developers be able to handle the issue for their own respective projects.
September 17, 2020, 12:39:54 AM
This is very old news and the bug was fixed already. What is the writer of the article doing by putting this back on the surface again? I am skeptical, however, I do speculate that there are people behind this.
September 16, 2020, 06:48:52 AM
A nice little litmus test of the competence and vigilance of the developers who are using the same basis for other coins. My bet is that hardly any of them will care or understand nor will their handful of users. There'll be shitcoins with gaping vulnerabilities that were long ago dealt with on the better run platforms.
September 16, 2020, 03:38:15 AM
Is there some kind of reward for people to receive if they find vulnerabilities like this? Who would be funding such a reward, if it does exist? I know exchanges and wallet providers will offer a reward, if someone finds an exploit in their code, but we know where they get there funds from.
In any way, most people are invested in Crypto currencies that has the knowledge to find these so-called "bugs" ...so it is in their best interest to keep it a secret, because it will have a major influence on the value of their own hoard.. if the exploit is made public before it is patched.
In any way, most people are invested in Crypto currencies that has the knowledge to find these so-called "bugs" ...so it is in their best interest to keep it a secret, because it will have a major influence on the value of their own hoard.. if the exploit is made public before it is patched.
September 14, 2020, 06:00:52 PM
In any case, over time, hackers would have found this vulnerability, I'm sure of it.
Fixing the bug quickly will prevents any harm for users keeping their software up to date. Using an old version is not recommended and always risky 
September 14, 2020, 03:09:57 PM
I think they have done right on doing so. Vulnerabilities where it hasn't been resolve yet shouldn't be disclose to anyone not unless the vulnerability is related to users doing a certain action like how older versions of Electrum are bring controlled by hackers. By staying silent they are giving themselves time to fix the issue not worsen the scenario where hackers might have the idea of doing the vulnerability said by them.
September 14, 2020, 11:16:27 AM
In any case, over time, hackers would have found this vulnerability, I'm sure of it.
September 14, 2020, 06:57:33 AM
Some critical business (e..g railway,...) with very high standards have to wait up to 10y to be 'allowed' to use a new tech for the public to be settled - exactly for that reason.
All such forks (hard/soft) and alterations happening to bcore, bcash, eth, .. are just a nightmare / nogo for any enterprise business btw
All such forks (hard/soft) and alterations happening to bcore, bcash, eth, .. are just a nightmare / nogo for any enterprise business btw
September 14, 2020, 06:02:17 AM
In 2018, a security researcher discovered a major vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain, but after reporting the issue and having it patched, the researcher opted to keep details private in order to avoid hackers exploiting the issue.
Technical details were published earlier this week after the same vulnerability was independently discovered in another cryptocurrency, based on an older version of the Bitcoin code that hadn't received the patch.
https://www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks/
Technical details were published earlier this week after the same vulnerability was independently discovered in another cryptocurrency, based on an older version of the Bitcoin code that hadn't received the patch.
https://www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks/
Jump to: