In association with heise online

17 May 2012, 17:00

DoS vulnerability in Bitcoin

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Bitcoin logo

The developers of Bitcoin, the anonymous digital currency system, have fixed a flaw in the system which allowed malicious users to perform denial of service (DoS) attacks on a victim's node, causing it to stop receiving updates from the Bitcoin network.

To send and receive payments, Bitcoin nodes encode the transfer information into blocks of data that get aggregated into a globally distributed block chain. Each transaction is cryptographically signed and linked to the previous one. For this system to work, the user's client needs to communicate with the global network frequently in order to keep up to date with the transactions that have happened since the last time it was online. If a node is isolated from the network for a significant amount of time, it can not initiate or receive transfers of bitcoins.

The developers have not yet explained how the vulnerability in the Bitcoin software can be exploited – they wish to give users sufficient time to patch their clients before releasing information that could be used by hackers to reverse engineer a working exploit. They have, however, released version 0.6.2 of the client which fixes the problem. Backports of the fix for versions 0.5.5 and 0.4.6 are also available. The developers have stated that the vulnerability cannot be used to compromise users' wallets.

The Bitcoin client is available for Windows, Mac OS X and Linux. Its source code is licensed under the MIT License.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit