Security Issue Troubles New Bitcoin Core Release


The Bitcoin economy started out small and it all began with the release of the Bitcoin Core client. Bitcoin Core is the open source client for the entire Bitcoin network. The main job of the client is to decide which block chain contains valid transactions. This ensures that Bitcoin remains decentralized by validating a single block chain as the one to consult when it comes to processing transactions.

Originally released by Satoshi Nakamoto under the Name “Bitcoin,” it was later renamed to Bitcoin Core to set it apart from other clients. Coming with an in-built wallet, the client has been a mainstay of the Bitcoin scene. Though Nakamoto has given up development, the job has been taken over by an expert team that delivers new versions to improve the experience. Currently, the version in the wild is 0.12.1, but that will soon change.

New ‘core’ changes

The client will be seeing a new release in a few days. Version 0.13.0 will be bringing a few much-needed changes for the client.

First of all, because of the number of increasing transactions, the client will be using the “Child Pays for Parent” (CPFP) policy. Used by miners to select which transactions to include in blocks, this will group the most profitable set of transactions to be processed in terms of fees. This ensures that transaction with higher fees can be processed faster.

Secondly, compact block support is added to reduce excess data-transmission. This is hoped to help reduce network delays. Further additions improve performance and security options for those using the client.

In addition to the security changes, the client will be the first step toward Gitian building. An evolution of the old open-source way of developing the Bitcoin Core client, it uses Gitian as its development tool. The app is an open source software program that creates a virtual space to compile binaries for Bitcoin Core, completely free of any variables ensuring the binaries turn out exactly the same. This makes it easier to develop future updates.

Risky release

However, despite all of these changes, the Bitcoin Core team is a bit worried. There have been rumblings about a potential attack on the release. The team recently released a warning to people who are hoping to download the 0.13.0 release:

“Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state-sponsored attackers… This malicious software (compromised Bitcoin Core binaries) might also cause your computer to participate in attacks against the Bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.”

The reference to the Chinese services is a reference to the possible source of the attack. The Chinese government has become increasingly unfriendly to Bitcoin and the team suspects that the release of a critical part of infrastructure would give the Chinese a tempting target.

To prevent anything going wrong, the Bitcoin Core binaries will be released with a cryptographically signature. The key to this signature belongs to Bitcoin Core maintainer, Wladimir J van der Laan. Users will need to verify their download using the key provided on the website as well as from other sources to ensure that it is authentic. Hopefully, this will be enough ensure the release will go smoothly.