Feed for category: security
Bitcoin Core 0.16.3 released, fixes denial-of-service vulnerability
IMPORTANT: The bug fixed in 0.16.3 is more severe than was previously made public. Full node users are advised to upgrade to Bitcoin Core 0.16.3 as soon as possible. The releases can be found on the Bitcoin Core website. Make sure to verify the binaries before using them. Stored funds are not at risk; there is, however, a small probability of a chainsplit. In the event of a chainsplit, transactions could be reversed even a long time after they were fully confirmed.
Bitcoin Encrypted Communication (BIP151) Overhaul

One of the advantages of Bitcoin since its birth is that it’s a public ledger: anyone is allowed to send and receive payments and data on the blockchain. However, Bitcoin’s network does not provide a way of encrypting communication between nodes, which allows manipulation of data, mass surveillance and analysis of its users.

Although encrypted communication is currently possible with VPNs, Tor or other mechanisms, it is not easy for the average user to set up such a connection. There is a BIP draft called BIP151 that aims to add encrypted communication to Bitcoin’s network, and which currently seems to be implemented only by Armory.

Jonas Schnelli presented an overhauled version of BIP 151 with some major changes:

Guiding Transaction Fees Towards a more Censorship Resistant Outcome

This is a summary of a submission by Ruben Somsen to bitcoin-dev on censorship-resistant transactions.

Bitcoin transactions made with light client wallets include a transaction fee as an incentive for miners to include the transaction in the blockchain through the process of mining. This creates a win-win situation.

First, without any specific conditions, miners get paid the fees provided the transaction gets included in a valid chain with the most proof-of-work.

Secondly, the user enjoys the benefit of his transaction being added to the blockchain. The fees also ensure the security of transactions on the network: a miner cannot simply ignore a transaction, because it has a reward attached and other miners will process it.

For the full node Bitcoin Core, however, the conditions for adding transactions to the blockchain are more specific. One of them is that transactions can only be added to a block with a block height that is one higher than the last.

Trezor One Firmware Update

Recently, a physical attack vector on the Trezor One hardware wallet was disclosed by a security researcher called Sunny. Trezor was quick to release firmware update 1.6.1, but the researcher realized that another attack vector of the same type was possible, so SatoshiLabs released the new firmware update 1.6.3 on the 30th of August.

Trezor comes with a tamper-evident seal and the attack vector only affects tampered devices, so if you bought your Trezor used or if it came with the seal broken, make sure you update the firmware first, then set it up. If you’re updating an older Trezor, make sure to have the correct recovery seed on hand, as you’ll need it to set the device up.

The newest firmware verifies the authenticity of the bootloader in the device. The bootloader checks the signature of the firmware. If both are genuine, your device will not display a warning, and therefore your Trezor is safe to use.

Source

Getting around to fixing the timewarp attack

A timewarp attack on Bitcoin allows malicious miners to game the timestamp system in order to increase the rate of block generation beyond what the protocol intends. This attack has been possible since 2012 and was demonstrated on the testnet.

This was dismissed as an unimportant issue for the past few years, as it requires the majority of the hashrate and is easily blocked once someone starts using it.