Bitcoin Cash ‘Chain-Splitting’ Bug was Detected by Bitcoin Core Developer
It has emerged that the “unknown person” who notified Bitcoin ABC developers of a vulnerability in Bitcoin Cash which would have resulted in the unintended split of the altcoin’s network is actually a Bitcoin Core (bitcoin’s primary software implementation) developer.
In a Medium blog post, Cory Fields revealed that he was responsible for anonymously and privately informing Bitcoin ABC of the SIGHASH_BUG in Bitcoin Cash on April 25 this year. According to Fields, who works for MIT Media Lab’s Digital Currency Initiative, a successful exploit of the vulnerability would have made bitcoin cash transactions unsafe, thus undermining the 4th-largest cryptocurrency by market capitalization.
Bitcoin’s Biggest Threat
In the same post, Fields said that the greatest threat facing bitcoin is related to software development.
“I’m often asked at conferences and workshops what I consider to be Bitcoin’s greatest challenge in the future. My answer is always the same: avoiding catastrophic software bugs,” Fields wrote.
The threat posed by software bugs with regard to cryptocurrencies is underestimated, and companies in the space must make adequate preparations for these kinds of threats. As an example, Fields narrated the hoops he had to jump through before he could inform Bitcoin ABC of the vulnerability.
Part of the problem was that Bitcoin ABC did not have a responsible disclosure policy. Additionally, Fields could not find publicly available encryption keys for the lead developers at Bitcoin ABC, to whom he could have sent an encrypted message informing them of the vulnerability without risking it being viewed by others.
‘People Have Been Killed for Much Less’
It was also important to remain anonymous for personal safety reasons just in case a malicious actor discovered the vulnerability and went on to exploit it before a fix could be rolled out. This would be problematic as suspicions could fall on Fields.
“Because I used my name for the disclosure, hard proof would exist that I had the knowledge and means to attack the network. I would have no way to prove that I was not the attacker. Then consider that, collectively, billions of dollars could have been lost as a result of this exploit. People have been killed for much less,” wrote Fields.
When Bitcoin ABC announced that the vulnerability had been fixed, it was revealed that a reward would be given to the then-anonymous tipster once they went public.