Bitcoin Core Discloses Two Security Vulnerabilities

August 1, 2024 Bitcoin.com

Bitcoin Core’s Latest Optech Newsletter Urges Upgrade to Version 25.0, Discusses New Vulnerability Disclosure Policy

June 10, 2024 Bitcoin.com

Jameson Lopp’s Bitcoin Testnet ‘Griefing’ Stirs Controversy

April 30, 2024 Bitcoin.com

Bitcoin Ordinals could be stopped if blockchain bug is patched, claims dev

December 6, 2023 Coin Telegraph

Bitcoin Core

A Bitcoin Core developer claimed Bitcoin Ordinals exploit a vulnerability allowing inscribers to bypass data size limits, which could soon be fixed.

A bug fix on the Bitcoin network could put a stop to new Bitcoin Ordinals and BRC-20 tokens as they’re causing network congestion by “exploiting a vulnerability,” claims a Bitcoin Core developer.

In a Dec. 6 X (Twitter) post, developer Luke Dashjr said inscriptions — used by Ordinals and BRC-20 creators to embed data on satoshi’s — exploit a Bitcoin Core vulnerability to “spam the blockchain.”

He explained the Bitcoin Core code has allowed users to set limits on the size of extra data in transactions since 2013, but “by obfuscating their data as program code, inscriptions bypass this limit.”

PSA: “Inscriptions” are exploiting a vulnerability in #Bitcoin Core to spam the blockchain.
— Luke Dashjr (@LukeDashjr) December 6, 2023

The bug allowing inscriptions to bypass this limit was recently fixed in the latest update to Bitcoin Knots, a Bitcoin Core derivative with less tested or untested features backported from and sometimes maintained outside of the core code.

Another X user asked if Ordinals and BRC-20 tokens “would stop being a thing” if the vulnerability was fixed to which Dashjr replied, “Correct.” Existing inscriptions would still remain.

"Bitcoin Core is still vulnerable in the upcoming v26 release," he said.

On Dec.

We are happy to announce testing of Bitcoin Knots v25.1 has completed successfully, and is now deployed to production.
Read more

Lightning Network faces criticism from pro-XRP lawyer John Deaton

October 22, 2023 Coin Telegraph

Bitcoin Core

John Deaton’s remarks come amid concerns about alleged backdoors in the Bitcoin Lightning Network’s code.

Lawyer and cryptocurrency supporter John Deaton has criticized the Lightning Network, deeming it less effective than the “Spend The Bits” protocol on the XRP Ledger (XRPL). Lightning is a layer-2 scaling solution for Bitcoin. It is designed to improve the scalability and efficiency of Bitcoin (BTC) transactions by enabling off-chain, peer-to-peer transactions.

In an Oct. 21 X (formerly Twitter) post, Deaton revealed he is an angel investor in Spend the Bits, as well as its chief legal officer.

Deaton previously touted Spend The Bits as an alternative to Lightning on the Bitcoin blockchain. In September, the pro-XRP (XRP) attorney commended the protocol, characterizing it as a more secure method for using your Bitcoin than Lightning.

Let me be clear and transparent: I am now involved in @Spend_The_Bits as an angel investor and serve as its Chief Legal Officer. Therefore, please accept my comments with that in mind. But a major reason I invested in @Spend_The_Bits, or stated more accurately, invested in… https://t.co/aheyTxjGxp
— John E Deaton (@JohnEDeaton1) October 21, 2023

Deaton’s Saturday disclosure was well-timed, aligning with an X post from the online crypto investigator WhaleWire. This tweet raised concerns about a recent discovery in Lightning indicating a significant security vulnerability that prompted a developer to withdraw from the project.

As per the tweet, the developer alleged the presence of deliberate vulnerabilities in the Lightning Network's code, which could potentially provide attackers with complete network control. Notably, major backers of the Lightning Network encompass Tether, Bitfinex, and BlockStream. This claim has raised inquiries and apprehensions regarding the network's security and trustworthiness.

At present, the Lightning Network can handle transactions involving just 5,338 BTC, as reported by 'IML,' constituting only 0.025% of Bitcoin's total supply. This significant trend has sparked doubts regarding the network's resilience and long-term viability. Furthermore, this alarming figure is worsened by a recent 15% reduction in the capacity of the Layer 2 payment protocol over the past approximately three months.

Magazine: Recursive inscriptions — Bitcoin ‘supercomputer’ and BTC DeFi coming soon

Bitcoin core developer steps back from Lightning Network over “hard dilemma”

October 21, 2023 Coin Telegraph

<div>Bitcoin core developer steps back from Lightning Network over

" title="

Bitcoin core developer steps back from Lightning Network over "hard dilemma"

"/>

Bitcoin Core

Antoine Riard believes the Bitcoin community faces a "hard dilemma" as a new class of replacement cycling attacks threatens the Lightning Network.

Security researcher and developer Antoine Riard is stepping down from the Lightning Network’s development, citing security issues and fundamental challenges to the Bitcoin ecosystem.

According to a thread on the Linux Foundation’s public mailing list, Riard believes the Bitcoin community faces a "hard dilemma" as a new class of replacement cycling attacks puts Lightning in a "perilous position."

How does a lightning replacement cycling attack work?

There's a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.

So here's an illustrated primer...

1/n pic.twitter.com/mvvS8bEc5f
— mononaut (@mononautical) October 21, 2023

The Lightning Network is the second-layer solution built over the Bitcoin blockchain. It is designed to improve the scalability and efficiency of Bitcoin transactions by enabling off-chain, peer-to-peer transactions.

Through the Lightning Network, users can open payment channels, conduct multiple transactions off-chain, and settle the final result on the Bitcoin blockchain. The replacement cycling attack targets these payment channels. It is a new type of attack that allows the attacker to steal funds from a channel participant by exploiting inconsistencies between individual mempools. According to Riard:

"I think this new class of replacement cycling attacks puts lightning in a very perilous position, where only a sustainable fix can happen at the base-layer, e.g adding a memory-intensive history of all-seen transactions or some consensus upgrade. Deployed mitigations are worth something in face of simple attacks, though I don't think they're stopping advanced attackers as said in the first full disclosure mail."

Riard also noted that addressing the new type of attack may require changes to the underlying Bitcoin network:

"Those types of changes are the ones necessitating the utmost transparency and buy-in of the community as a whole, as we're altering the full-nodes processing requirements or the security architecture of the decentralized bitcoin ecosystem in its integrality."

Lightning developers grapple with challenges, including criticisms surrounding the network’s complexity and the demands placed on user experience. Since its inception in 2018, the layer-2 network has gained popularity, with a total value locked reaching $159.5 million at the time of writing, according to data from DefiLlama. However, this figure is still very modest when compared to Bitcoin's $587 billion market capitalization.

Riard plans to focus now on Bitcoin core development, but warned about upcoming challenges for the major cryptocurrency ecosystem:

"On the other hand fully explaining why such changes would be warranted for the sake of lightning and for designing them well, we might need to lay out in complete state practical and critical attacks on a ~5 355 public BTC ecosystem. Hard dilemma. There might be a lesson in terms of bitcoin protocol deployment [...]"

Magazine: Recursive inscriptions — Bitcoin ‘supercomputer’ and BTC DeFi coming soon

UK court grants appeal from Craig Wright in Bitcoin rights lawsuit

July 21, 2023 Coin Telegraph

Bitcoin Core

The decision reverses a prior ruling, allowing Craig Wright to appeal a lawsuit claiming copyright to the Bitcoin white paper and database.

A British court granted an appeal on July 20 that gave Craig Wright the right to argue in litigation that the Bitcoin file format is well-defined enough to qualify for copyright protection.

Wright, who since 2016 has claimed to be the inventor of Bitcoin (BTC), launched a lawsuit against 13 Bitcoin Core developers and a group of companies, including Blockstream, Coinbase and Block, alleging violation of his copyright to the Bitcoin white paper, its file format and database rights to the Bitcoin blockchain.

The decision reversed a ruling from February that considered Wright’s arguments insufficient to show how the Bitcoin file format was first recorded, a concept known as fixation in copyright law.

“The Claimants may consider themselves unlucky to have had their application for leave to serve out come before a Judge with at least some understanding of the technology involved here," reads the decision from February, refusing permission to appeal. With this week’s reversal, Wright reopens the discussion on the case.

In a tweet on July 20, Wright wrote, without mentioning the decision: “The legal protection of intellectual property is necessary to ensure the rights of creators and innovators and to encourage the production of new ideas, inventions, and creative works."

*England and Wales Court of Appeal's decision on July 20. Source: BAILII*

The Bitcoin Legal Defense Fund (BLDF), the developers’ legal representative, argues that Wright hasn’t been able to prove that he is Satoshi Nakamoto, the pseudonymous creator of the Bitcoin white paper and database.

“Wright has claimed to be Satoshi since at least 2016 without providing a shred of evidence to back up this claim," BLDF noted in a statement, adding that Wright must prove to be Satoshi Nakamoto “before the courts can make a decision on the three primary claims named in the lawsuit." The case is expected to go to trial in early 2024.

The Bitcoin code is open-sourced and freely distributed under the Massachusetts Institute of Technology license, meaning that users have the right to reuse the code for any purpose, including in proprietary software. Wright has argued, however, that the Bitcoin Core developers represent a “Bitcoin Partnership," allegedly a centralized entity that controls the Bitcoin network.

“They seem to be trying to muddy the waters and make it seem like Bitcoin development is a centralized process controlled by a few people, which is a key argument for their lawsuit," a spokesperson from BLDF told Cointelegraph.

According to BLDF, the fact that courts in the United Kingdom are allowing his arguments to be heard is extremely concerning — not just for the crypto community but for the whole world. “It sets a dangerous precedent where developers can be sued for violating the file format of open source software that someone else claims to have created," it said.

Magazine: Ordinals turned Bitcoin into a worse version of Ethereum — Can we fix it?

Bitcoin aligns with Swiss values – Head of Lugano’s Plan ₿

July 10, 2023 Coin Telegraph

Bitcoin Analysis

Switzerland continues to drive Bitcoin adoption despite well-developed traditional financial infrastructure.

Switzerland has long been a haven for the wealthy due to its well-established banking secrecy laws, but its citizens have warmed quickly to the self-sovereign ideals behind Bitcoin (BTC).

Giw Zanganeh, head of Lugano’s Plan ₿ initiative, highlighted the growing use of Bitcoin for everyday payments in the Swiss city in conversation with Cointelegraph journalist Joe Hall at the Plan ₿ Bitcoin Summer School.

Giw Zanganeh, head of Lugano’s Plan ₿ initiative, chats to Cointelegraph's Joe Hall at the Plan B Summer School in Lugano.

Lugano has emerged as an adoption hub for Bitcoin, Tether and its self-styled LVGA stablecoin which can be used to pay for a variety of utility bills, goods and services across the city.

Zanganeh, who head’s up Tether’s Plan ₿, believes that Switzerland has shown remarkable adoption of cryptocurrencies despite its renowned financial and banking infrastructure:

“What I see is a society, which makes me very bullish, a lot of people are interested in Bitcoin, from a philosophical perspective as well. It aligns very well with Swiss values.”

Zanganeh added that the Swiss are typically “strong on individual sovereignty and financial privacy”, which creates overlaps between the values of Swiss culture and those of the Bitcoin movement:

“Considering the amount of Bitcoin-only companies in Switzerland,it probably has one of the highest density per capita of Bitcoin-only companies around the world.”

According to Zanganeh, more politicians, diplomats and members of parliament and Switzerland’s financial commission are becoming Bitcoiners which reaffirms a bullish outlook for BTC adoption in the country.

A contributor to increased Bitcoin usage has been a concerted effort to inform and educate the Swiss populace about the merits of BTC:

“We have regular articles in newspapers where we touch on different aspects of Bitcoin and financial liberty. We try to reach people interested in financial freedom and freedom of speech. Maybe they don't know how Bitcoin plays a role there.”

While the uptake of Plan ₿’s Bitcoin adoption is a “gradual process”, Zanganeh said that the onboarding of merchants across Lugano has been crucial in opening up a new payments paradigm in the region.

Likening the process of Bitcoin adoption to the initial proliferation of bank cards some 50 years ago, Zanganeh said that practical experience with novel transactional methods will continue to onboard more users to the Bitcoin ecosystem:

“If you look at merchants over time, if more and more people go and pay with Bitcoin, you're going to learn.”

As Cointelegraph previously explored, Bitcoin Suisse CEO Dr. Dirk Klee highlighted the country’s potential as a center point for institutional cryptocurrency adoption.

The Canton of Zug is another region of Switzerland that continues to attract cryptocurrency and blockchain firms due to its progressive, government-backed, crypto-friendly initiatives.

The interview is part of an upcoming Cointelegraph documentary about what it’s like to attend a Bitcoin School. Subscribe here (https://www.youtube.com/@cointelegraph) to watch.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Should you ‘orange pill’ children? The case for Bitcoin kids books

Wife of Hal Finney announces Bitcoin charity event

December 27, 2022 Coin Telegraph

Bitcoin Community

She said that the event seeks to raise funds to provide assistance for victims of ALS.

Fran Finney, the wife of crypto pioneer Hal Finney, has announced a charity event to benefit victims of amyotrophic lateral sclerosis (ALS). Discussing the event on Twitter, Finney encouraged Bitcoin users to run a half marathon and share their experiences on social media between January 1 and January 10, 2023, to help raise funds to fight the disease.

https://t.co/xpcvzCmtMd Hi everyone, this is Fran Finney, wife of Hal Finney, an early pioneer of Bitcoin. I want to let you know about a special event I'm organizing in honor of my husband. Thank you for all your interest in Hal and your support... he would love it! 1/5
— halfin (@halfin) December 27, 2022

The announcement was made by Fran Finney, using Hal Finney’s official Twitter account. The account had previously been reactivated by her in order to save it from Twitter’s purge of old accounts.

Running Bitcoin — so called after the first-ever Bitcoin tweet, which was made by Hal Finney just a few days after Bitcoin went live in 2009 — is being held in cooperation with the ALS Association Golden West Chapter. According to its website, the organization provides equipment loans and educational materials to people who live with ALS.

Running bitcoin
— halfin (@halfin) January 11, 2009

The charity said itis seeking to raise funds from the event by offering official “Running Bitcoin” t-shirts and rare Hal Finney collectibles to some contributors.

Hal Finnney was an early pioneer of cryptocurrencies. In 2004, he created Reusable Proof of Work (RPOW), a system that allowed Hashcash coins to be reused by recipients. RPOW is often seen as a type of proto-cryptocurrency, although it used a central server instead of a decentralized network.

Finney also contributed code to the Bitcoin codebase in 2008 and early 2009, before it was released to the public in January 2009. He was the recipient of the first ever Bitcoin transaction, in which Satoshi Nakamoto sent him 10 Bitcoin.

Hal Finney was an avid runner for much of his life before his diagnosis with ALS in August 2009. Following a multi-year battle with the disease, he was cryonically preserved in 2014.

Microstrategy Is Seeking a Full-Time Lightning Network Engineer to Build a SaaS Platform

September 30, 2022 Bitcoin.com

Bitcoin Core

Share this video