The identity of the man who – back in April – discovered a critical bug in one of the main Bitcoin Cash clients which would have split the currency in two has today been finally revealed. Step forward Cory Fields, surely the shyest hero in the blockchain industry!
Cory Fields is a relatively unknown Bitcoin Core developer, who has been with the project for five years, since joining via MIT’s Digital Currency Initiative. Cory is featured on several YouTube videos, sharing the stage with his peers, speaking with deep knowledge about such topics as blockchain technology, although clearly finding the task of public speaking somewhat torturous.
Bitcoin Cash Calamity Averted
Back in April, a vulnerability in the Bitcoin Cash (BCH) consensus which would surely have fatally harmed the network was discovered and reported to Bitcoin ABC by an unnamed Bitcoin Core developer. This weekend, that Bitcoin Core developer who spotted what proved to be a potentially devastating bug was revealed as Cory Fields.
On April 25, Fields anonymously and privately informed Bitcoin ABC that he believed the notorious SIGHASH_BUG was embedded within Bitcoin Cash. According to Fields, if the vulnerability had been successfully exploited it would have resulted in making all Bitcoin Cash transactions unsafe, therefore sabotaging what is currently the world’s fourth-largest cryptocurrency, behind only Bitcoin, Ethereum and Ripple.
Cory Fields Blows Whistle – On Himself
Ironically, after months of anonymity, it was Fields who chose to blow the whistle on himself, via his own blog, stating:
“On April 25, 2018, I anonymously and privately disclosed a critical vulnerability in Bitcoin Cash, one of the world’s most valuable cryptocurrencies — not to be confused with Bitcoin. A successful exploit of this vulnerability could have been so disruptive that transacting Bitcoin Cash safely would no longer be possible, completely undermining the utility (and thus the value) of the currency itself.”
In the same blog, Fields took the opportunity to warn Bitcoin and Bitcoin Cash of the inherent dangers presented by malicious software, saying:
“I’m often asked at conferences and workshops what I consider to be Bitcoin’s greatest challenge in the future. My answer is always the same: avoiding catastrophic software bugs.”
Bitcoin ABC Release Statement
In a statement, Bitcoin ABC said that the bug would have indeed enabled a malicious hacker or “attacker” to create an incompatible transaction which – when subsequently mined – would have caused a fork. Here’s what Bitcoin ABC said:
“An attacker may construct a malicious transaction which would be accepted by Bitcoin-ABC 0.17.0 and mined into a block. This block would be rejected by all other versions of Bitcoin Cash compliant implementations. The malicious transaction would contain the bitflag of 0x20 set in the signature hash type.”
Bitcoin ABC seemed to want to underplay the severity of the potential disaster that had been averted, the SIGHASH_BUG would have caused a chain split, leading to major mining loses, and instigated a reversal of history, therefore throwing Bitcoin Cash into deep jeopardy.
However, Bitcoin ABC do admit to the potential severity of the bug in their parting statement:
“Bitcoin ABC will be taking several actions in order to prevent such an event from occurring again, as well as reduce the overall response time in the case of emergent issues in the future.”