pull down to refresh

The 7.5 rated bug that ain't getting fixed
215 sats \ 6 comments \ @0xbitcoiner 20 Mar bitcoin
This bug was made public in 2023 by satoshihunter1. It lets an attacker change the recipient’s Bitcoin address directly in Bitcoin Core’s memory, redirecting the funds to an address they control.

Why won’t this bug be fixed?

From what I’ve read and understand, this bug can’t be fixed because it’s a vulnerability at the lowest level of the operating system. For it to be exploited, the computer already needs to be infected with malware that lets an attacker read and modify Bitcoin Core’s memory.

Lesson to learn

Don't use the same computer/phone where you store your Bitcoin wallet for random stuff, installing whatever you want. Keep those devices clean, don’t mess around with serious things.
write
preview
related posts
50 sats \ 2 replies \ @028559d218 20 Mar
My understanding is that this is why you use a hardware wallet, or hardware wallet 'interface' to send and receive.
That way the attack surface is minimal for when you actually sign and broadcast a transaction. Do I understand this right?
reply
0 sats \ 1 reply \ @0xbitcoiner OP 20 Mar
I'm not sure if hardware wallets really solve this problem. And don’t forget, there are situations where you just can’t use a hardware wallet, like at market stalls or other point-of-sale places.
reply
21 sats \ 0 replies \ @028559d218 20 Mar
For PoS or market stalls... you are using Lightning anyway no? And for that some phone apps or mobile apps are best.
My understanding is that users don't typically use the built-in node wallet for their funds, or only temporarily or small amounts. And it's not portable anyway so...
reply
0 sats \ 2 replies \ @DarthCoin 20 Mar
the computer already needs to be infected with malware
windows shit...
reply
0 sats \ 1 reply \ @0xbitcoiner OP 20 Mar
This isn’t just a Windows problem. You gotta be really careful with the Linux versions you install. I’m not sure how easy it is to sneak in malware, but on Windows, it can happen in two ways: either it comes pre-infected from Microsoft, or the user installs the malware themselves.
With Linux, since it’s open-source and you can compile your own version, it can also be pretty vulnerable. I don’t trust just any Linux version!
reply
0 sats \ 0 replies \ @DarthCoin 20 Mar
yeah but your conclusion is 100% the punch line. Perfect explained.
Don't use the same computer/phone where you store your Bitcoin wallet for random stuff, installing whatever you want. Keep those devices clean, don’t mess around with serious things.
Only stupid clueless noobs are doing such things and get malwared.
reply