Pentagon finds concerning vulnerabilities on blockchain \ stacker news ~bitcoin

pull down to refresh

Pentagon finds concerning vulnerabilities on blockchain www.techrepublic.com/article/pentagon-finds-concerning-vulnerabilities-on-blockchain/amp/

412 sats \ 15 comments \ @moon 29 Jun 2022 bitcoin

view all related items

124 sats \ 1 reply \ @Majjin 29 Jun 2022

This is based on the Trail of Bits report. Here's a counter to the report if anyone is interested: https://www.swanbitcoin.com/fact-check-darpa-funded-report-on-blockchain-centralization

20 sats \ 0 replies \ @cryptocoin 29 Jun 2022

Yup! Thank you for sharing that. There's also a post, here on SN, with it:

Fact Check: DARPA Funded Report on Blockchain Centralization #38531 https://www.swanbitcoin.com/fact-check-darpa-funded-report-on-blockchain-centralization/

47 sats \ 1 reply \ @faithandcredit 29 Jun 2022

These are some of the findings other than whats been mentioned already

Mining pools don't ask for passwords when pointing hashrate toward them
20% of bitcoin nodes run versions with known vulnerabilities

18 sats \ 0 replies \ @nerd2ninja 29 Jun 2022

Nodes not being updated is irrelevent. When you run a full node, if a vulnerable node communicates bad blocks to you, they get ignored because the chain with the most work is the one that gets accepted.

Mining pool passwords are for submitting blocks to the pool. Maybe this can be used to steal a miners Bitcoin? But can't see how it could be used to forge bad blocks or select for empty blocks or anything worthwhile as an attack. Maybe log into everyone's accounts and change everyone's passwords so no one can submit blocks while you get a 51% attack off? File that under shit that only works once though.

12 sats \ 2 replies \ @faithandcredit 29 Jun 2022

Btw. are we just going to ignore that Pentagon is doing bitcoin security research? :) Thanks!

12 sats \ 0 replies \ @falsefaucet 30 Jun 2022

i believe it was DARPA specifically who commissioned the report

5 sats \ 0 replies \ @go 29 Jun 2022

"Pentagon", yes. Apparently they're not qualified to do it themselves. Too many metals and badges dragging them down

31 sats \ 3 replies \ @moon OP 29 Jun 2022

Trail of Bits says that it only takes four entities to disrupt Bitcoin and only two to disrupt Ethereum. Additionally, 60% of all Bitcoin traffic moves through just three ISPs.

57 sats \ 2 replies \ @zuspotirko 29 Jun 2022

Funny that they never mention how much of the internet relies on how few ISPs when they talk about other critical infrastructure

...such as the electrical grids, tap water and sewer plants, parts of the military, VoIP for the police, the whole traditional banking industry.....

1 sat \ 1 reply \ @2big2fail 29 Jun 2022

yes really they have found internet vulnerabilities which are also bitcoin and every other internet infrastructure vulnerabilities

26 sats \ 0 replies \ @random_ 29 Jun 2022

https://www.businessinsider.com/akamai-dominates-internet-infrastructure-2014-2?op=1

It's worse than you think.

12 sats \ 0 replies \ @Caleb 29 Jun 2022 freebie

BIP 324 adds p2p encryption: https://bip324.com/

7 sats \ 1 reply \ @PCTV 29 Jun 2022 freebie

This is the same Pentagon that just had a gaping hole in the side of its building?

0 sats \ 0 replies \ @premitive1 3 Jul 2022

just had?

0 sats \ 0 replies \ @nerd2ninja 29 Jun 2022

Now this is interesting as fork. This is gonna be on my mind for a looooong time.