COINOTAG news from September 20 reports that Bitcoin Core developers have issued a significant high-risk warning. According to Protos, one in six Bitcoin nodes may be vulnerable due to software issues. The open-source Bitcoin Core project, which maintains software for over 98% of Bitcoin’s reachable full nodes, recently identified major security concerns in about 17% of the network’s nodes. Specifically, all versions of the software before Bitcoin Core 24.0.1 are vulnerable.
Bitnodes estimates indicate that this denial-of-service vulnerability potentially impacts around 3,330 of the 19,200 self-reported Bitcoin full nodes. In versions preceding 24.0.1, attackers can exploit low-difficulty header chains to spam nodes, causing excessive bandwidth or storage use and potentially crashing the nodes. The vulnerability was addressed in Bitcoin Core pull request 25717 and resolved with the release of v24.0.1 on December 12, 2022.
The latest Bitcoin Core version, 27.1, includes fixes for this and other vulnerabilities. While the issue is serious, there have been few documented cases of exploitation, because launching such a denial-of-service attack is costly and offers attackers little financial incentive.
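The low-difficulty header chains mentioned above are cheap to produce because each header carries very little proof-of-work, so a node that stores headers by count rather than by cumulative work can be filled with them. The following is an added illustration of that measurement, not code from Bitcoin Core or from pull request 25717; the function names, the `HARD_BITS` sample value and the `MIN_WORK` threshold are assumptions constructed for the example.

```python
# Added illustration; not Bitcoin Core source code.
# Compares header chains by cumulative proof-of-work instead of length.

HEADER_SIZE = 80          # bytes in a serialized block header
EASY_BITS = 0x1D00FFFF    # difficulty-1 target (the genesis block's nBits)
HARD_BITS = 0x17034219    # constructed sample of a high-difficulty target


def target_from_bits(bits: int) -> int:
    """Decode the compact nBits field of a header into a 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if bits & 0x00800000:
        raise ValueError("negative target")
    if exponent <= 3:
        target = mantissa >> (8 * (3 - exponent))
    else:
        target = mantissa << (8 * (exponent - 3))
    if target == 0 or target >= 1 << 256:
        raise ValueError("target out of range")
    return target


def work_from_bits(bits: int) -> int:
    """Expected number of hashes needed to meet the target."""
    return (1 << 256) // (target_from_bits(bits) + 1)


def chain_work(bits_list) -> int:
    """Cumulative work of a header chain, given each header's nBits."""
    return sum(work_from_bits(b) for b in bits_list)


def should_store(bits_list, min_work: int) -> bool:
    """Keep a chain only if its total work reaches the threshold (assumed policy)."""
    return chain_work(bits_list) >= min_work


# Constructed threshold: the work of ten high-difficulty headers.
MIN_WORK = 10 * work_from_bits(HARD_BITS)

if __name__ == "__main__":
    spam = [EASY_BITS] * 2000    # 2000 headers, the most one headers message carries
    honest = [HARD_BITS] * 10
    for name, chain in (("low-difficulty", spam), ("high-difficulty", honest)):
        print(name, len(chain) * HEADER_SIZE, "bytes,",
              "work", chain_work(chain), "store:", should_store(chain, MIN_WORK))
```

The 2,000-header chain costs the receiver 160,000 bytes yet carries far less work than ten high-difficulty headers, which is why it is rejected under the work threshold.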