On 18 September 2018, cryptocurrency developers, users, and investors heard shocking news. Programmers on the Bitcoin Core team announced a potentially dangerous security problem in the coin’s software. It seems that the cryptocurrency had been vulnerable to DDoS attacks for a year and a half before developers found the flaw.
You might ask, “OK, but don’t DDoS attacks happen everywhere?” Yes, but not in a blockchain-based currency. Bitcoin Core is the most secure and valuable cryptocurrency on the planet. A successful attack would have brought transactions to a halt and destroyed its value, worth billions.
No one took advantage of the flaw. However, the causes and proposed solutions of this near-fiasco highlight the problems that arise when organizations ponder how to prevent DDoS attacks.
A Quiet Ultimatum
The September 18th announcement was a news bulletin. It was a request, but some Bitcoin Core community members thought was a warning. The message: update Bitcoin Core software or risk having the whole Bitcoin Core network collapse. Several recent versions of the Bitcoin Core code were vulnerable to DDoS attacks. The problem involved Bitcoin Core wallet software, which could potentially be exploited by anyone who could mine the cryptocurrency.
The potential risk didn’t lie in stealing money out of cryptocurrency wallets. Instead, crypto mining computers could serve as launching pads for a DDoS attack. The vulnerability made it possible for malicious traffic to flood the currency’s peer-to-peer network or overwhelm computers that run crypto mining software.
Dodging the DDoS Bullet
The vulnerability had been in existence since March 2017. An attack never happened, and no one knows why. Developers speculated that nobody spotted the bug or that nobody was intent on incurring the expense of exploiting it.
That’s right—a successful attack on the Bitcoin Core network came with a huge price tag. To breach the system, potential attackers would have to use resources costing twelve and half bitcoins (or almost $80,000 in September 2018.)
The Importance of what didn’t Happen
There’s no evidence that anyone exploited the vulnerability, so you might say that this story is about what never happened. Why not chalk it up to enormous good luck and be done with it? Two excellent reasons: money and a possibly dangerous assumption:
- A mountain of money at risk. Bitcoin Core is the most popular and valuable cryptocurrency on the planet, with a market capitalization of $100 billion. Much of its value depends on the security and stability of its blockchain technology. Think of the damage that a destabilizing DDoS attack might do.
- Affordable DDoS attacks. Although $80,000 is not petty cash, it is, as one analyst said, less money than “a lot of entities would pay for a zero-day attack on many systems.” Some highly motivated people might try to take the Bitcoin Core network down.
- Confidence in decentralization. The concept that decentralized nodes (cryptomining computers) avoid risk is central to blockchain technology. Developers and investors believe that Bitcoin Core mining computers are too decentralized to be brought down in a single overwhelming attack. There’s no proof of immediate danger. However, the vulnerability suggests that someone might be thinking ahead to a future attack.
When developers discovered the Bitcoin Core flaw, they responded with a software update to block the vulnerability. Then, they joined other members of the Bitcoin Core community for a badly needed discussion. Their topics: software QA, testing, and ongoing code review processes.
A Software Patch and Many Points of View
Bitcoin Core developers urged crypto miners to change their software with the latest version as soon as possible. The patch eliminated potential crashes by enabling the software to reject blocks of transaction data created during a DDoS attack.
Next, the discussion focused on how developers could identify and fix future bugs in the Bitcoin Core code if they occur. The developers didn’t agree on how to accomplish these goals, but they did discuss:
- Building and using more sophisticated tests that can locate dangerous hard-to-find bugs.
- Accelerating Bitcoin Core development by speeding up the code review process. However, this created a problem: few people have the skills to test blockchain code.
- Assigning skilled testing specialists to Bitcoin Core development. Until developers find these specialists and get them to participate in the Bitcoin Core community, code review will continue being a bottleneck in Bitcoin Core development.
Learning Quality Assurance, the Hard Way
Bitcoin Core community members might have avoided a catastrophe. However, their collective experience still provided them with several valuable lessons, including the following:
- Rapid response is important. It’s not enough to install bug fixes quickly after finding a vulnerability. Mandatory software upgrades must be delivered and installed quickly, too.
- Depending on only one development team to run QA is risky. Using several development teams encourages different approaches, which increases the chance of finding and fixing exotic bugs.
- All team members must pay better attention to what’s in the code. When the dust settled, developers had time to review what happened. Several admitted that the community messed up by not reviewing and reporting consensus changes thoroughly enough. One programmer even mentioned that the code in question looked funny. He assumed others had already checked it. Then, he moved on to other work.
Developing and maintaining complicated software in an open source environment is always tricky. Assuming that team members are vigilant (so, you don’t have to be) is downright risky. Until Bitcoin Core developers decide on a comprehensive process, their only practical solution is prevention. That means collaborating, being vigilant, being thorough, and participating in community efforts.