Experts regularly warn about potential fraud in cryptocurrencies, even as these digital currencies become increasingly secure. Recently, industry specialists did not point to malware but to a flaw within the system itself that criminals could have exploited.
Security researchers trace the bug back to September 2017
At the beginning of the month, technology portal Heise and other specialists highlighted a Bitcoin bug that would have been a boon for users with criminal intent—if they had known about the flaw in Bitcoin’s blockchain. Current reports indicate the bug has existed since September 2017. Had it become public, the consequences could have been serious. Experts say it could have enabled a so-called double-spend: the flaw allowed balances to be withdrawn twice instead of once. Under normal blockchain operation, various nodes communicate to prevent this kind of duplication.
Double-withdrawal risk was only part of the problem
The flaw was located in the cryptocurrency’s validation code, meaning misunderstandings during routine internal checks of blockchain transactions could theoretically have led to duplicate payouts. However, not every user would have been able to profit from this; globally operating miners and mining farms would have been in a position to manipulate blocks with sufficient effort. According to Heise, the bigger concern was not merely potential financial loss. More worrying was the possibility of creating illicit blocks that would remain permanently part of the blockchain. Retroactive corrections are impractical because each block is linked to its predecessor in the chain.
Sources of error are being gradually corrected
For many insiders, the bug could even have posed an existential threat to Bitcoin, which remains the most important token. Although the discussion has been largely hypothetical, it highlights an important point: there is still room for improvement to make cryptocurrencies like Dash or, in this specific case, Bitcoin safer for users. It is encouraging that the bug was discovered now and that no major criminal interventions appear to have taken place. Over recent years, developers have already resolved many complications and continue to strengthen the security and resilience of blockchain systems.