
Bitcoin Core Supporter Threatens Zero Day Exploit if Bitcoin Unlimited Hardforks

Last Updated March 4, 2021 4:55 PM
Andrew Quentson

Editor’s note: The article has been updated to remove references to Bitcoin Core contributor Eric Lombrozo, who has confirmed to CCN.com that he is not related to ‘ciphera’, as reported erroneously at the time of publishing.

Tempers seem to be flaring in bitcoin land as some Bitcoin Core supporters threaten to attack the currency if the economic majority decides to increase transaction capacity through a hard-fork.

A person going by the handle of “ciphera” publicly stated in a thread started by Chris Belcher, a bitcoin developer and strong supporter of Bitcoin Core:

“Running my fuzzer on the diffs BU have from Core, and have already some crashes. Hopefully some of them are exploitable. Going to collect as many zero-days to release at the most opportune time possible.”

He was replying to another user who stated “I will personally exploit any flaw in [Bitcoin Unlimited] and not disclose.”

Bug exploits threatened if Bitcoin Unlimited hardforks – image from reddit

The threat comes just days after another strong Bitcoin Core supporter, James Hilliard, aka Lightsword, operator of BitClub – a small pool with around 4% hardware share – used the mining hardware to attack the bitcoin network through transaction malleability.

Emin Gün Sirer, a Cornell professor, commenting on the BitClub attack, told CCN.com at the time:

“It’s disheartening to see attacks by miners on Bitcoin. Historically, miners have acted as guardians of the ecosystem, and have, with very very rare exceptions, refrained from engaging in activities that benefit themselves at the expense of others. This change portends of worse attacks to come, especially if there is a fork.”

Who is Ciphera?

This article wouldn’t have been newsworthy if two factors were not present. Firstly, in a leaked conversation back in 2013 between Peter Todd and John Dillon, the latter stated:

“Every time anyone tried mining with [an alternative client], I’d use my knowledge of all the ways they are incompatible to fork them, making it clear they can’t be trusted for mining…. all I would have to do to keep them marginalized and the majority of hashing power using the approved official implementation is slip the odd consensus bug into their code.”

Ciphera’s Reddit handle was created around the same time and seems mainly focused on the blocksize question. Looking at his comment history, Ciphera appears to be a very strong supporter of Bitcoin Core, as is Ciphrex.

There is, however, no concrete evidence linking the two. Moreover, Ciphera’s GitHub account gives his name as Karen Jorgenson, but there doesn’t appear to be any indication that any person with such a name is openly involved in bitcoin.

Regardless, as an open source project with a bounty in the billions open to any hacker across the globe, if the bitcoin clients have any bugs, it is a question of when, rather than if, they will be exploited.

A zero-day exploit would also handsomely enrich the hacker if he or she isn’t caught. So if one can be found, despite the project being open source with many eyes on the code and many Bitcoin Unlimited developers, including current or former software engineers from internet/tech giants, then, again, it’s only a matter of time.

The attitude, however, suggests that instead of serving the bitcoin community by fixing any bugs, some appear to be taking a very confrontational view. If bitcoin can withstand it, then it can only strengthen the currency.
