Details are sketchy. CoinDesk first received word of the problem from core developer Jeff Garzik. “Currently dealing with an ongoing, network-wide event,” he told us in a hurried email.
Last Friday, he announced a forthcoming 0.8.3 release of the reference implementation. “This will fix a denial of service attack that affects some network nodes,” he said, adding that details would be released after the fix.
Garzik differentiates between miners and nodes in the Bitcoin network. Non-mining nodes are not revenue generating, but instead relay transactions on a voluntary basis, for the good of the network. These nodes can be a point of attack for those wanting to harm the bitcoin network.
He describes 51% attacks, which can be extremely costly and difficult to mount, as the lowest worry on his list. “Operationally, network attacks are far cheaper,” he said. “Any smart attacker is going to look for a cheaper way to attack bitcoin. Network attacks are one of the big worries right now.”
The source of the recent attack problem goes back to the original implementation of the bitcoin protocol and software by Satoshi Nakamoto. “Satoshi left lots of good ideas in the source code and we have to block those off,” he told us. “There was a feature that Satoshi added and never used, and an attacker was able to exploit that a bit.”
The original source code for Bitcoin is full of such half-finished features. There was even the beginning of a rudimentary eBay-style bitcoin market buried in the original code, which the core development team walled off because it was never finished.
The network attack is not ongoing, said Garzik, adding that the patch solved the network vulnerability.
Andreas M. Antonopoulos, a security and distributed systems expert in cryptocurrencies who runs bitcoin incubator RootEleven, argued that the fact most people didn’t know about the event demonstrated the resilience of the network.
“Have you had any problems with your bitcoin transactions? Neither have I,” he continued. “It’s a testament to the resilience and strength of the network that under a DDoS attack we haven’t seen that network go away.”