The Bitcoin network is facing a discreet but serious threat today. Around 13% of the nodes that maintain and secure the blockchain are vulnerable to a critical error that could bring them down. This vulnerability, identified in May 2023, persists on several nodes that have not yet been updated to the latest version of the Bitcoin Core software. While Bitcoin’s security is often touted for its robustness, this issue exposes systemic flaws related to the management of the software necessary for the network to function properly.

Critical unpatched vulnerability on 13% of Bitcoin nodes
In May 2023, Bitcoin developers discovered a major vulnerability in the Bitcoin Core software. The bug, tracked as CVE-2024-35202, affects nodes running versions earlier than 25.0. More than 13.7% of active nodes worldwide have yet to install this major update, putting a significant portion of the network at risk of collapse. According to the developers, the flaw is in the compact block protocol, which is a system designed to optimize data transfer by reducing the size of transactions sent between nodes. Such an error can cause the collapse of individual nodes, thus endangering the stability of the network. “Affected nodes may be forced into an invalid state, resulting in a complete shutdown,” the developers explain in an official message.
Although the bug is fixed in version 25.0, the fact that Bitcoin Core does not offer automatic updates leaves many node operators vulnerable. Updating requires manual intervention, which seems to be an obstacle for many. According to BitNodes.io, nearly 2,582 active nodes out of a total of 18,843 continue to operate without protection against this bug. The stakes are high because while the exploit doesn’t allow for bitcoin theft or double spending, it could be used by actors trying to destabilize the network. A large-scale attack could cause significant disruption to the Bitcoin network.
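Because updating is manual, an operator first has to know which of their own nodes still run a release earlier than 25.0. The following check works on the user-agent strings the nodes report (for example the `subversion` field of `bitcoin-cli getnetworkinfo`). It is an added example, not code from the article or from Bitcoin Core; the node names and sample strings are constructed, and reading the `Satoshi` token as the Bitcoin Core version is an assumption.

```python
import re

# First fixed release according to the article: Bitcoin Core 25.0.
FIXED = (25, 0, 0)

# Matches the Bitcoin Core token of a BIP 14 style user agent, e.g.
# "/Satoshi:24.0.1/" or "/Satoshi:0.21.1(comment)/". Patch part is optional.
_UA = re.compile(r"/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?")


def parse_core_version(user_agent):
    """Return (major, minor, patch), or None if no Satoshi token is present."""
    m = _UA.search(user_agent or "")
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(user_agent):
    """'needs-update' below 25.0, 'patched' at or above it, else 'unknown'."""
    version = parse_core_version(user_agent)
    if version is None:
        return "unknown"  # other client or empty string: check by hand
    # Tuple comparison also orders the old 0.x scheme (0.21.1) below 25.0.
    return "needs-update" if version < FIXED else "patched"


def audit(nodes):
    """nodes: mapping of node name -> user agent. Returns names per status."""
    report = {"needs-update": [], "patched": [], "unknown": []}
    for name, user_agent in sorted(nodes.items()):
        report[classify(user_agent)].append(name)
    return report


# Constructed inventory of an operator's own nodes (not real data).
SAMPLE = {
    "node-a": "/Satoshi:25.0.0/",
    "node-b": "/Satoshi:24.0.1/",
    "node-c": "/Satoshi:0.21.1(archive)/",
    "node-d": "/Satoshi:27.1.0/",
    "node-e": "/btcd:0.24.0/",
    "node-f": "",
}

if __name__ == "__main__":
    for status, names in audit(SAMPLE).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

The user agent is self-reported, so the result is an inventory aid for nodes you run, and anything in the `unknown` bucket needs a manual check.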
Why are so many nodes not updating?
The lack of automatic updates in the Bitcoin Core software calls into question the management and security of nodes in a network as fundamental as Bitcoin itself. Each node operator is responsible for maintaining and updating their own software, a choice linked to Bitcoin’s decentralized philosophy. However, this manual management is today a source of vulnerability for nodes that have not yet integrated the latest version. “Bitcoin Core does not force users to update their software, leaving some functional nodes with outdated versions vulnerable,” the developers warn. How then can we guarantee the security of the network while respecting its basic principle of decentralization?
The reasons why some operators delay updating their nodes often include distrust of new releases or a lack of technical knowledge to understand the importance of these updates. The solution to prevent such risks in the future could therefore be a model of automatic or semi-automatic updates. If some actors managed to exploit this flaw on a large scale, it could have a destabilizing effect on the network on a technical level, but also in terms of user confidence in the security of Bitcoin.
This problem exposes a deep dilemma in the governance of the Bitcoin network. While decentralization is one of its strengths, it also complicates security management, especially when it comes to critical updates. If no steps are taken to encourage or facilitate node updates, the network may remain vulnerable to future attacks. So the question is open: should we maintain the complete freedom of the node operators, or introduce stricter security measures to guarantee the stability of the network? One thing is for sure, the Bitcoin community will need to think about these issues quickly to avoid more vulnerabilities in the future.
A graduate of Sciences Po Toulouse and holder of the blockchain consultant certification issued by Alyra, I joined the Cointribune adventure in 2019. Convinced of the potential of blockchain to transform many sectors of the economy, I made a commitment to raise awareness and inform the general public about this ever-evolving ecosystem. My goal is to enable everyone to better understand blockchain and take advantage of the opportunities it offers. Every day I try to provide an objective analysis of current events, decipher market trends, convey the latest technological innovations and put into perspective the economic and social problems of this ongoing revolution.
DISCLAIMER OF LIABILITY
The comments and opinions expressed in this article are solely those of the author and should not be considered investment advice. Before making any investment decision, do your own research.