The bitcoin world has been in something of a furore over an attack that, on Tuesday, took down most of the nodes running Bitcoin Unlimited – a controversial alternative version of the cryptocurrency’s code.
Though the exact details of the attack aren’t clear, here’s what we know: After a couple of bitcoin users posted the link to details of a bug exploit that could allow anyone to remotely crash Bitcoin Unlimited nodes, an unknown attacker used the method to take down over two-thirds of the devices.
A ‘hot fix’ was released later that day, and by Wednesday, most nodes had popped back up.
The news comes just a couple of days after Bitmain’s AntPool announced that it would switch its mining pool to the alternative bitcoin software, bringing miner support one step closer to the 75% hashing power threshold needed to activate Bitcoin Unlimited’s rules.
Unsurprisingly, the event made a strong impression on the community, and supporters and critics alike have been vocal in expressing their reactions.
CoinDesk rounded up some of the more popular responses on Twitter (admittedly a platform that might over- rather than under-state divisions within the space) to see how developers and other bitcoin commentators reacted to the node outage.
For a general overview of the ongoing debate, read our easy explainer.
Following the bug exploit, Bitcoin Unlimited’s developer team, which introduced at least one other bug earlier this year, was an obvious target for criticism, but other factors and suggestions were raised too.
1. Developers at fault
Coinbase director of engineering Charlie Lee’s concern, raised in a tweetstorm, is what would happen if Bitcoin Unlimited were the primary software.
1/ Today’s Bitcoin Unlimited node crashing bug proves that users cannot trust Bitcoin’s $20B network in the hands of BU developers.
— Charlie Lee (@SatoshiLite) March 14, 2017
2/ First, having assert(0) triggered by untrusted inputs is amateurish. Arguably OK if it was a mobile app. Not OK for nodes backing Bitcoin!
— Charlie Lee (@SatoshiLite) March 14, 2017
3/ Second, if BU devs practiced adversarial thinking, they wouldn’t have publicly disclosed this 0-day exploit themselves!
— Charlie Lee (@SatoshiLite) March 14, 2017
2. Lack of collaboration
Others also argued that the code was not well-tested.
BitGo engineer Jameson Lopp argued that only one developer reviewed the code change that led to the crash.
Side effect of insufficient collaboration during peer review process. Only one reviewer on the pull request. https://t.co/o5A8Imlp1s
— Jameson Lopp (@lopp) March 14, 2017
Another bitcoin developer argued that even a novice coder could have been the culprit.
3. Poor review process
“Mastering Bitcoin” author Andreas Antonopoulos argued that, rather than blame the developers, the review process needs to be tightened.
BU bug: This isn’t about individual competence. It’s about a process with diverse and laborious review, which catches bugs before production
— Andreas (@aantonop) March 15, 2017
Bugs like this pop up in Core code too. The important difference: they *never* make it to production releases. The QA process catches them
— Andreas (@aantonop) March 15, 2017
4. I don’t always…
Many accounts that are not associated with well-known, or known, people also participate in the debate.
One such unknown Twitter user added to the “code was untested” sentiment with a meme.
@rogerkver pic.twitter.com/DGllJbnABD
— spiroseliot (@spiroseliot) March 15, 2017
5. Mining pool confusion
Chain product architect Oleg Andreev pointed to a comment from Blockstream CTO Greg Maxwell suggesting that mining pools that say they are running Bitcoin Unlimited might not be.
Greg Maxwell points out that killing 50% of BU nodes did not lead to the same drop in BU-signalling hashrate. (1/3) pic.twitter.com/f9ZsMDaXQb
— Oleg Andreev (@oleganza) March 14, 2017
6. Cover-up?
Lopp, among others, pointed to one developer trying to cover up the crash.
Disappointed to see doctored image (left) in @GAndrewStone’s post about a BU vulnerability. Doesn’t even sum to 100% https://t.co/Byirt7eiCL pic.twitter.com/EArZwFSyOb
— Jameson Lopp (@lopp) March 14, 2017
Bitcoin Unlimited’s supporters generally took the stance that the software is a newer version and that mistakes are inevitable.
7. Core issues
Bitcoin investor Roger Ver linked to a piece written by one of Bitcoin Unlimited’s developers about some of the bugs they’ve allegedly discovered in the Bitcoin Core codebase.
“Normally, in Bitcoin Unlimited when we find a Core bug we just fix it and move on” https://t.co/cqQaIm5FZJ
— Roger Ver (@rogerkver) March 14, 2017
8. Satoshi’s bugs
Along those lines, Blockchain security and privacy engineer Kristov Atlas pointed out that bitcoin saw a number of bugs in its early days.
A few of the security vulns in the Satoshi-based over the years https://t.co/QwMbyebPqR
— Kristov Atlas (@kristovatlas) March 15, 2017
It’s unremarkable that Bitcoin Unlimited is going through some growing pains with bugs. 1/
— Kristov Atlas (@kristovatlas) March 15, 2017
Further, the exploit could encourage new programmers to join the Bitcoin Unlimited ranks and help out, he suggested.
I’ve already casually come across several people volunteering in last 24 hours to start reviewing the BU codebase for 1st time — good start.
— Kristov Atlas (@kristovatlas) March 15, 2017
9. What about the attacker?
To others, it seemed like the attacker was getting off too easily. Whoever he or she is, the attacker deserves more blame, suggested Bitcoin Unlimited developer Tom Harding.
Surely you mean don't rely on the kindness of strangers. Network attackers are not some kind of heroes. https://t.co/SgPrty3lzG
— Tom Harding (@dgenr818) March 15, 2017
10. Strength in numbers
Many argued that the potential fragility of individual bitcoin implementations is a sign that there is strength in having more than one version of bitcoin.
@SatoshiLite It only proves we need multiple implementations. Having most of the network running a single implementation is reckless.
— dagur (@dagur) March 14, 2017
11. The ethereum approach
On a similar note, even Ethereum Foundation blockchain consultant Hudson Jameson jumped in, representing ethereum, a blockchain known for its multiple implementations.
After the BU incident, should Bitcoin implement clients based on a spec rather than based on a reference client? https://t.co/FjgaIZkCtR
— Hudson Jameson (@hudsonjameson) March 15, 2017
12. Take a balanced view
Last, but not least, Abra’s John Light called for less divisive discussion on social media.
Once upon a time, Core caused a fork that lasted for several hours and cost $$$$$ before resolution. Stay humble in face of BU fuckups.
— John Light (@lightcoin) March 15, 2017
This was under different leadership, and a lot more is on the line now, but still, stones and glass houses and all. Hard work > shitposting.
— John Light (@lightcoin) March 15, 2017