Bitcoin ABC, a cryptocurrency development team, has released a patch to fix a critical vulnerability in Bitcoin Cash mining software.
According to Bitcoin ABC’s incident report, the vulnerability would have made it possible for a fraudster to split the Bitcoin Cash network.
To succeed, the fraudster would have had to create a malicious transaction that included the bitflag “0x20” in the signature hash type. The transaction would have been accepted by Bitcoin-ABC 0.17.0 and mined into a block, but rejected by all other Bitcoin Cash mining software.
On April 26, Bitcoin ABC was made aware of the situation, and developers discreetly shared a patch with mining pool operators and “verified Bitcoin Cash miners” before making it known to the public.
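The check below is an added illustration, not code from Bitcoin ABC or its incident report: it flags signature pushes whose trailing sighash byte sets bits outside the defined Bitcoin Cash values, such as the 0x20 bit described above. The helper names and the sample pushes are constructed for this example; the sighash constants are the standard Bitcoin Cash values.

```python
# Added example: flag signatures whose sighash byte carries undefined bits.
# Standard Bitcoin Cash sighash values; every other bit is undefined.
SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE = 0x01, 0x02, 0x03
SIGHASH_FORKID, SIGHASH_ANYONECANPAY = 0x40, 0x80
KNOWN_FLAGS = SIGHASH_FORKID | SIGHASH_ANYONECANPAY


def looks_like_der_signature(push: bytes) -> bool:
    """Cheap structural test: a DER SEQUENCE followed by one sighash byte."""
    return len(push) >= 9 and push[0] == 0x30 and push[1] == len(push) - 3


def classify_hash_type(hash_type: int) -> dict:
    """Split a sighash byte into its base type and any stray bits."""
    base = hash_type & ~KNOWN_FLAGS & 0xFF  # remove only the two known flags
    return {
        "hash_type": hash_type,
        "base": base,
        "stray_bits": base & ~0x03,  # anything above the two base-type bits
        "defined": SIGHASH_ALL <= base <= SIGHASH_SINGLE,
    }


def audit_pushes(pushes):
    """Return (index, sighash byte, stray bits) for each undefined sighash."""
    findings = []
    for index, push in enumerate(pushes):
        if not looks_like_der_signature(push):
            continue  # e.g. a public key push
        verdict = classify_hash_type(push[-1])
        if not verdict["defined"]:
            findings.append((index, verdict["hash_type"], verdict["stray_bits"]))
    return findings


def fake_sig(hash_type: int) -> bytes:
    """Constructed placeholder: DER-shaped bytes, not a real signature."""
    body = bytes([0x02, 0x01, 0x11, 0x02, 0x01, 0x22])
    return bytes([0x30, len(body)]) + body + bytes([hash_type])


# Constructed sample pushes: two defined sighash bytes, one with 0x20 set,
# and one 33-byte push standing in for a compressed public key.
SAMPLE_PUSHES = [fake_sig(0x41), fake_sig(0xC1), fake_sig(0x61),
                 bytes([0x02]) + bytes(32)]

if __name__ == "__main__":
    for index, hash_type, stray in audit_pushes(SAMPLE_PUSHES):
        print(f"push {index}: sighash 0x{hash_type:02x}, stray bits 0x{stray:02x}")
```

Software that validates the whole byte this way rejects such a signature, which is the behavior the report attributes to every implementation other than Bitcoin-ABC 0.17.0.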
According to the statement: “After analysis of the vulnerability and possible responses, Bitcoin-ABC developers prepared a patch for the vulnerability, and a private release, to distribute directly to mining pool operators. Due to the decentralized nature of the mining community, it was not possible to reach everyone directly. This release was provided to verified Bitcoin Cash miners to forward to trusted miners once they had upgraded.”
The patch has now been made public, and miners using Bitcoin-ABC 0.17.0 are instructed to upgrade to Bitcoin-ABC 0.17.1, which fixes the vulnerability.
“Bitcoin ABC will be taking several actions in order to prevent such an event from occurring again, as well as reduce the overall response time in the case of emergent issues in the future,” the company promised in its statement. “Additionally, Bitcoin ABC is in discussions with industry participants to establish a formal bug bounty system.”
It is worth noting that Bitcoin ABC said it was warned of the vulnerability by a “clear and professional” report from an unknown informant, who will be rewarded if he or she discloses their identity.