Bitcoin: Over 2500 Nodes Vulnerable To A Critical Bug!
The Bitcoin network is facing a quiet but serious threat. About 13% of the nodes that maintain and secure the blockchain are exposed to a critical flaw that lets a remote peer crash them. The vulnerability was fixed in Bitcoin Core 25.0, released in May 2023, but was only publicly disclosed in 2024, and it persists in every node still running an older release. Bitcoin's security is often praised for its robustness; this episode shows a weak point in how the software that keeps the network running is kept up to date.
A critical vulnerability unpatched in 13% of Bitcoin nodes
Bitcoin Core developers found a serious vulnerability in the software and fixed it in version 25.0, released in May 2023. The bug, now tracked as CVE-2024-35202, affects every node running an earlier version, and more than 13.7% of active nodes worldwide have still not installed that update, leaving a significant share of the network exposed to a crash. According to the developers, the flaw lies in compact block relay (BIP 152), a mechanism that speeds up block propagation by sending short transaction identifiers for transactions the receiving node most likely already holds in its mempool, instead of re-sending every transaction in full. A peer can abuse the flaw to crash an individual node; doing so against many nodes at once would compromise the network's stability. “Affected nodes can be forced into an invalid state, causing a complete shutdown,” the developers explain in an official report.
Although the fix has been available since version 25.0, Bitcoin Core does not update itself, so each node operator must install new releases by hand, and many evidently have not. According to BitNodes.io, 2,582 of the 18,843 reachable nodes it sees (about 13.7%) still advertise a version older than 25.0. BitNodes classifies nodes by the version string they announce, so the count is an estimate of what nodes claim to run rather than a direct measurement. The flaw cannot be used to steal bitcoins or to double spend; its impact is availability. An attacker who can crash unpatched nodes at will could use them to destabilize the network, and a campaign against all of them at once would cause significant disruption.
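The practical check an operator wants here is whether a node advertises a version older than the fix. Bitcoin Core reports its own user agent in `bitcoin-cli getnetworkinfo` (field `subversion`) and each peer's in `bitcoin-cli getpeerinfo` (field `subver`), in the form `/Satoshi:<major>.<minor>.<patch>/`. The following is an added example, not code from Bitcoin Core or BitNodes: it parses those strings, compares them against 25.0 (the fix version the article cites), and tallies a peer list. The peer strings are constructed for the example.

```python
"""Classify Bitcoin Core peers by self-reported user agent ("subver")
against the 25.0 release that fixed CVE-2024-35202.

Added example; the peer strings below are constructed, not taken from
BitNodes or any real node.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

# Version in which the article says the compact-block bug was fixed.
FIXED_IN: Tuple[int, int, int] = (25, 0, 0)

# Bitcoin Core advertises /Satoshi:<major>.<minor>[.<patch>][(comment)]/ and
# may append further tokens after it, e.g. /Satoshi:26.0.0/Knots:20240322/.
# Some very old releases used four components (0.x.y.z); the fourth is ignored.
_CORE_RE = re.compile(
    r"/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(?:\([^)]*\))?/"
)


def parse_core_version(subver: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a Bitcoin Core user agent, else None.

    Releases before 22.0 were numbered 0.x.y (e.g. 0.21.1); tuple comparison
    still orders them below 25.0.0, which is what we want.
    """
    m = _CORE_RE.search(subver)
    if not m:
        return None  # btcd, bcoin, or a malformed/unknown agent
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_unpatched(subver: str) -> Optional[bool]:
    """True if the agent claims a Core version older than the fix,
    False if it claims 25.0 or newer, None if it is not recognisably Core."""
    version = parse_core_version(subver)
    if version is None:
        return None
    return version < FIXED_IN


def summarize(subvers: Iterable[str]) -> Dict[str, float]:
    """Count peers by patch status and compute the unpatched share of
    recognised Core peers.

    Caveat: subver is self-reported. A peer can advertise any string, so
    this measures what nodes claim to run, which is also all BitNodes sees.
    """
    counts = {"unpatched": 0, "patched": 0, "unknown": 0}
    for s in subvers:
        status = is_unpatched(s)
        key = "unknown" if status is None else ("unpatched" if status else "patched")
        counts[key] += 1
    core_total = counts["unpatched"] + counts["patched"]
    share = counts["unpatched"] / core_total if core_total else 0.0
    return {**counts, "unpatched_share": share}


# Constructed sample, shaped like `bitcoin-cli getpeerinfo | jq -r '.[].subver'`.
SAMPLE_PEERS = [
    "/Satoshi:27.1.0/",
    "/Satoshi:25.0.0/",
    "/Satoshi:24.0.1/",
    "/Satoshi:24.1.0(@example)/",
    "/Satoshi:0.21.1/",
    "/Satoshi:26.0.0/Knots:20240322/",
    "/btcd:0.24.2/",
]

if __name__ == "__main__":
    for peer in SAMPLE_PEERS:
        print(f"{peer:40} unpatched={is_unpatched(peer)}")
    print(summarize(SAMPLE_PEERS))
```

Feeding this the real `getpeerinfo` output gives a local view of how many of your own peers still run a pre-25.0 version. The same limitation applies as to BitNodes: a version string proves nothing about the binary actually running, so the result is an indicator, not an audit.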
Why are so many nodes not updated?
The absence of automatic updates in Bitcoin Core raises questions about how nodes on a network as critical as Bitcoin's are managed and secured. Each node operator is responsible for maintaining and updating their own software, a choice that follows from Bitcoin's decentralized philosophy. That manual process is, however, precisely why so many nodes are still running a version without the fix. “Bitcoin Core does not force users to update their software, leaving some functional nodes with obsolete vulnerable versions,” the developers point out. How, then, can the network's security be ensured while respecting its founding principle of decentralization?
Among the reasons operators delay updating are distrust of new releases and a lack of the technical background to appreciate why a given update matters. An automatic or semi-automatic update model is one possible answer. It would carry its own risk, though: whoever controls the update channel could push code to every node at once, which is why today's process has operators download a release and verify its signatures themselves. If attackers exploited this flaw at scale, the damage would be technical but also reputational, shaking user confidence in Bitcoin's security.
The episode reveals a deep dilemma in the governance of the Bitcoin network. Decentralization is one of its strengths, but it complicates security management, especially when critical updates are involved. If nothing is done to encourage or simplify node updates, the network will stay exposed to future attacks of this kind. The question remains open: should node operators keep their complete freedom, or should stricter security measures be imposed to ensure the network's stability? One thing is certain: the Bitcoin community will need to address these challenges quickly to avoid further vulnerabilities of this kind.
A graduate of Sciences Po Toulouse and holder of a blockchain consultant certification issued by Alyra, I joined the Cointribune adventure in 2019. Convinced of blockchain's potential to transform many sectors of the economy, I have committed to raising awareness and informing the general public about this constantly evolving ecosystem. My goal is to enable everyone to better understand blockchain and to seize the opportunities it offers. Every day I strive to provide objective analysis of the news, decode market trends, relay the latest technological innovations and put into perspective the economic and societal stakes of this revolution in progress.
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.