According to reports out last week, a lone Bitcoin Core developer found a huge vulnerability on the Bitcoin Cash network back in April, one that could have been used to cause some serious damage to Bitcoin Cash.
Now, before I continue, let’s just remember that there’s a lot of tension between Bitcoin Core and Bitcoin Cash, with both claiming to be the ‘original Bitcoin’, therefore, being presented with an opportunity like this could have been a bit of a goldmine for the developer in question.
Instead, Cory Fields, Bitcoin Core developer, used the information to inform the Bitcoin Cash development team so give them the opportunity to implement a fix, before a hacker gained access to the network.
What happened here?
Fields has taken to Medium to upload his side of the story.
On the 25th of April 2018, Fields located a critical vulnerability within the Bitcoin Cash network. The vulnerability would have given a hacker the chance to essentially lift all security from the network, meaning the use of Bitcoin Cash would have been completely unsafe. This could also have severely impacted the value of Bitcoin Cash, which at the time was valued high.
Of course, in his post, Fields does clarify a distinction between Bitcoin Core and Bitcoin Cash:
“A quick clarification: Bitcoin Cash is a cryptocurrency that is distinct from and incompatible with Bitcoin. It is named as such because it is derived from Bitcoin. The now-fixed bug described below only affected Bitcoin Cash; the only relation to Bitcoin is the similar name.”
Of course, the Bitcoin Cash camp would argue that this is totally the other way round.
What action did Fields take?
Fields struck a problem. He realised that by simply just contacting the Bitcoin ABC team, he could be at risk of having his name used against him, in a hack that exploited the vulnerability. But then how could Fields actually pass the message on, in good time, without actually disclosing any personal details? This had to be posted on a public forum, but then if this was seen by another person, what would stop them from exploiting the hack themselves?
Fields was forced to use a complicated encryption key method to spread the message over Github, which was both time consuming and somewhat risky:
“On April 27, after waiting roughly 48 hours for a response to the disclosure, a pull request was opened to covertly fixed the issue in Bitcoin ABC. The message had apparently been received. Success!”
You can see Fields full story here. It actually shows a very interesting perspective into what happened and shows that even in times of tension, good old human nature always come through. I’m sure there are 100s of Bitcoin Core fanatics that would have loved to use this as an opportunity to bring their rivals down, but instead, Fields used it as an opportunity to offer a lifeline, even though the risks to himself where apparent.
To conclude, in the words of Fields:
“The Bitcoin Cash vulnerability that I discovered was successfully disclosed and mitigated, and ultimately had no noticeable impact on the cryptocurrency. It would be a shame, though, if the ecosystem did not benefit from an analysis of such a substantial near-miss. As cryptocurrency developers, it is necessary to take a step back now and then to re-evaluate the tools at our disposal, as well as the policies and procedures that we put into place. We may not be able to eliminate the threat of bugs like these, but we can learn from them and be better prepared to handle them in the future.”