Bitcoin: Outdated software creating invalid cryptocurrency

Running out-of-date software is risky if you value security, but running outdated bitcoin software can create invalid currency; many bitcoin wallets using outdated software are “currently vulnerable to double-spending of confirmed transactions,” a bitcoin warning states. “Almost all software (besides Bitcoin Core 0.9.5 and later) will accept these invalid blocks under certain conditions.” warned that some bitcoin miners are using outdated software which just assumes the blocks are valid instead of checking them. “All software that assumes blocks are valid (because invalid blocks cost miners money) is at risk of showing transactions as confirmed when they really aren’t. This particularly affects lightweight (SPV) wallets and software such as old versions of Bitcoin Core which have been downgraded to SPV-level security by the new BIP66 consensus rules.”

The warning states:

Early morning UTC on 4 July 2015, the 950/1000 (95%) threshold was reached. Shortly thereafter, a small miner (part of the non-upgraded 5%) mined an invalid block–as was an expected occurrence. Unfortunately, it turned out that roughly half the network hash rate was mining without fully validating blocks (called SPV mining), and built new blocks on top of that invalid block.

Note that the roughly 50% of the network that was SPV mining had explicitly indicated that they would enforce the BIP66 rules. By not doing so, several large miners have lost over $50,000 dollars worth of mining income so far.

The “fix” is to get all miners off of Simplified Payment Verification (SPV) mining as “lightweight (SPV) wallets are not safe for less than 30 confirmations until all the major pools switch to full validation.” Additionally, since web wallets run varying infrastructure, “unless you know for sure that they use Bitcoin Core 0.9.5 or later for full validation, you should assume they have the same security as the lightweight wallets.”

Bitcoin – not diamonds

Originally appeared at: