This Security Researcher Found the Bug That Knocked Out Bitcoin Unlimited
For over a year, attackers have had the ability to crash Bitcoin Unlimited and Bitcoin Classic nodes. Yesterday, someone actually did it. According to websites like Coin Dance, the number of Bitcoin Unlimited nodes fell sharply from almost 800 to less than 250 in a matter of hours. Bitcoin Classic was hit shortly after.
One day earlier, the security researcher who found the vulnerability had reached out to Bitcoin Magazine.
“I am quite beside myself at how a project that aims to power a $20 billion network can make beginner’s mistakes like this.”
Bitcoin Unlimited and Bitcoin Classic are forks of Bitcoin Core that intend to increase Bitcoin’s block size limit. Both launched in 2015 and have been maintained by their own development teams since. While Bitcoin Classic was a relatively popular alternative to Bitcoin Core last year, Bitcoin Unlimited has been gaining traction lately. The world’s largest mining pool — AntPool — announced it would switch to Bitcoin Unlimited, as have several smaller pools.
But not everyone believes that is a good idea.
“I am rather dismayed at the poor level of code quality in Bitcoin Unlimited and I suspect there [is] a raft of other issues,” a security researcher identifying herself only as “Charlotte Gardner” told Bitcoin Magazine on Monday.
Communicating over email, Gardner said she was auditing the software for her own use, but quickly came to the conclusion that it’s highly unsafe: “What concerns me is that this software is now being used by a huge portion of the Bitcoin mining ecosystem.”
Gardner revealed that she had submitted two vulnerabilities — “critical remote crash vulnerabilities” to be exact — to the Bitcoin Unlimited development team.
The first one is known as a “NULL pointer dereference,” the second a “reachable assertion.” In both cases, attackers can send especially crafted messages to Bitcoin Unlimited or Bitcoin Classic nodes to make these nodes crash. On an open peer-to-peer network like Bitcoin’s, this means that an attacker can get a list of Bitcoin Unlimited and Bitcoin Classic nodes from publicly available sources, like Bitnodes, and simply knock every single one of them offline.
“I’m surprised no one has noticed them yet,” Gardner told Bitcoin Magazine one day before the attack took place. “I guess not many people actually use the Bitcoin Unlimited software. But with their ‘rise,’ attackers may take more interest.”
When contacting Bitcoin Magazine on Monday, Gardner did not immediately want to make the vulnerabilities public. That would have been irresponsible, she explained, as the bugs could still be exploited before the Bitcoin Unlimited development team had the chance to fix it.
But she did also submit the vulnerabilities to Mitre’s Common Vulnerabilities and Exposures (CVE) database. This ensures that Mitre discloses the bugs in one month from now, which pressures the developers to actually fix the problem in time.
However, even following this responsible disclosure, Gardner thought there was a risk that the vulnerabilities would be abused as soon as they were fixed in the Bitcoin Unlimited code repository. After all, at that point the problem isn’t really solved: anyone running the released Bitcoin Unlimited software is still vulnerable until they download and run the new, revised version. This opens a window for attackers.
“The problem is, the bugs are so glaringly obvious that when fixing it, it will be easy to notice for anyone watching their development process,” she said.
It now appears that is exactly what has happened. While the Bitcoin Unlimited developers did indeed fix the issue shortly after it was pointed out to them, they did so with far too conspicuous a GitHub commit message, Gardner told Bitcoin Magazine once it appeared the bugs seemed fixed and before the attacks began.
“Their commit message does ring alarm bells. I’m not sure if anyone will notice, but they probably should have obfuscated the message a bit more. The wording might attract closer scrutiny. But if it went unnoticed for this long, maybe it will go unnoticed.”
Clearly, it did not.
As Gardner warned, it didn’t take long for attackers to exploit one of the vulnerabilities: the first attacks happened shortly after the bugs were fixed. A little later, user “shinobimonkey” took the issue to Reddit, Bitcoin Core developer Peter Todd tweeted about the bug and social media blew up.
Someone then even published exploit code for anyone to use, and before long most Bitcoin Unlimited nodes were down, to be followed by many Bitcoin Classic nodes.
“This is exactly why there is supposed to be a ‘responsible disclosure’ protocol,” Gardner told Bitcoin Magazine after the attacks took place. “But then it doesn’t help if the software project is not discreet about fixing critical issues like this.”
This is not the first time the code quality of Bitcoin Unlimited or Bitcoin Classic has been scrutinized.
As the best-known example, the bitcoin.com mining pool, which runs Bitcoin Unlimited, mined an invalid block caused by a bug last January. All energy invested to produce the block was wasted, while mining pools that spy mined on top of the invalid block wasted some energy as well.
Before that, Bitcoin Core developers had already warned about buggy code on several occasions. On the Bitcoin-development mailing list, Matt Corallo said that he had found Bitcoin Classic’s flexible transactions codebase to be “riddled with blatant and massive security holes.” On Reddit, Gregory Maxwell pointed out that Bitcoin Unlimited nodes were crashing because the development team removed code that shouldn’t have been removed.
Addressing Bitcoin Unlimited lead developer Andrew Stone in response to yesterday’s events, Maxwell suggested there are more problems with Bitcoin Unlimited’s codebase that have not yet been abused:
“There are vulnerabilities in Unlimited which have been privately reported to you in Unlimited by Bitcoin Core folks which you have not acted on, sadly. More severe than this one, in fact.”
Perhaps the main problem for Bitcoin Unlimited, as pointed out by information security expert Andreas Antonopoulos, is that it lacks a significant development community to perform proper quality analysis. The number of developers working on Bitcoin Unlimited and Bitcoin Classic is relatively small, and the code that included the exploited vulnerability was merged after being reviewed by only one person — not a lot for security-critical code protecting people’s money.
Gardner agreed with this assessment:
“In this case, the vulnerabilities are so glaringly obvious, it is clear no one has audited their code because these stick out like a sore thumb,” she said. “I’m astounded the mining industry are running this software. But since they are, and a lot of people could get harmed, the best I can do, other than recommending they don’t use Bitcoin Unlimited, is to disclose the issues and hope they are competent enough to fix it.”
Bitcoin Magazine reached out to Bitcoin Unlimited developers Andrew Stone and Andrea Suisani, but received no response at time of publication.