The provided text outlines a detailed timeline of vulnerabilities and exposures in Bitcoin software and protocols, highlighting the evolution of security issues over time. Below is a summarized breakdown:
Key Vulnerabilities in Bitcoin History
- Early Protocol Issues:
- Pre-BIP changes affected all Bitcoin clients, leading to potential network splits (Netsplit) and requiring hardforks and softforks to resolve[1].
- CVE-2010-5139 allowed an inflation attack where 184 billion BTC were minted due to a combined output overflow. This required a rollback of the blockchain[2].
- Software Bugs:
- CVE-2010-5141 enabled theft through OP_RETURN, allowing any output to be spent[1].
- CVE-2012-2459 caused Netsplits via block hash collisions[1].
- CVE-2018-17144 exposed vulnerabilities in transaction validation, enabling inflation attacks through duplicate inputs[1][2].
- Denial-of-Service (DoS) Attacks:
- Multiple DoS vulnerabilities were identified, such as CVE-2010-5137 (OP_LSHIFT crash), CVE-2013-2293 (continuous hard disk seek), and CVE-2024-34149 (script size limit bypass)[1].
- Resource exhaustion attacks targeted memory and CPU, including CVE-2012-4683 (CPU exhaustion using alerts) and CVE-2024-34149 (OOM via fake block headers)[1].
- Exposure Risks:
- Early wallets lacked encryption (CVE-2011-4447), exposing private keys[6].
- Predictable outputs and remote discovery of wallet addresses were noted in CVE-2013-2272 and CVE-2013-2273[1].
- Social Engineering and Theft:
- Social vulnerabilities like CVE-2020-14199 exploited double-signing for unintended fees[1].
- RPC authentication flaws enabled local theft risks (e.g., CVE-2013-4165)[1].
- Protocol Forks:
- Softforks like BIP 16, BIP 34, BIP 141 (SegWit), and Taproot introduced stricter rules for transaction validation but also revealed new attack surfaces[1][2].
Recent Developments
More recent vulnerabilities include:
- CVE-2023-50428 bypassing datacarrier size limits using OP_FALSE, OP_IF.
- Upcoming threats in 2024 targeting Bitcoin Core/Knots versions with DoS attacks via malicious URIs or infinite loops in P2P communication[1].
Summary
Bitcoin’s security has improved significantly over time, but its history is marked by critical vulnerabilities ranging from inflation exploits to denial-of-service attacks and wallet exposures. Continuous updates to software protocols and community vigilance have mitigated many risks, though emerging threats remain a concern.
| CVE | Announced | Affects | Severity | Attack is… | Flaw | Net |
|---|---|---|---|---|---|---|
| Pre-BIP protocol changes | n/a | All Bitcoin clients | Netsplit[1] | Implicit[2] | Various hardforks and softforks | 100% |
| CVE-2010-5137 | 2010-07-28 | wxBitcoin and bitcoind | DoS[3] | Easy | OP_LSHIFT crash | 100% |
| CVE-2010-5141 | 2010-07-28 | wxBitcoin and bitcoind | Theft[4] | Easy | OP_RETURN could be used to spend any output. | 100% |
| CVE-2010-5138 | 2010-07-29 | wxBitcoin and bitcoind | DoS[3] | Easy | Unlimited SigOp DoS | 100% |
| CVE-2010-5139 | 2010-08-15 | wxBitcoin and bitcoind | Inflation[5] | Easy | Combined output overflow | 100% |
| CVE-2010-5140 | 2010-09-29 | wxBitcoin and bitcoind | DoS[3] | Easy | Never confirming transactions | 100% |
| CVE-2011-4447 | 2011-11-11 | wxBitcoin and bitcoind | Exposure[6] | Hard | Wallet non-encryption | 100% |
| CVE-2012-1909 | 2012-03-07 | Bitcoin protocol and all clients | Netsplit[1] | Very hard | Transaction overwriting | 100% |
| CVE-2012-1910 | 2012-03-17 | bitcoind & Bitcoin-Qt for Windows | Unknown[7] | Hard | Non-thread safe MingW exceptions | 100% |
| BIP 0016 | 2012-04-01 | All Bitcoin clients | Fake Conf[8] | Miners[9] | Softfork: P2SH | 100% |
| CVE-2012-2459 | 2012-05-14 | bitcoind and Bitcoin-Qt | Netsplit[1] | Easy | Block hash collision (via merkle root) | 100% |
| CVE-2012-3789 | 2012-06-20 | bitcoind and Bitcoin-Qt | DoS[3] | Easy | (Lack of) orphan txn resource limits | 100% |
| CVE-2012-4682 | bitcoind and Bitcoin-Qt | DoS[3] | 100% | |||
| CVE-2012-4683 | 2012-08-23 | bitcoind and Bitcoin-Qt | DoS[3] | Easy | Targeted DoS by CPU exhaustion using alerts | 100% |
| CVE-2012-4684 | 2012-08-24 | bitcoind and Bitcoin-Qt | DoS[3] | Easy | Network-wide DoS using malleable signatures in alerts | 100% |
| CVE-2013-2272 | 2013-01-11 | bitcoind and Bitcoin-Qt | Exposure[6] | Easy | Remote discovery of node’s wallet addresses | 99.99% |
| CVE-2013-2273 | 2013-01-30 | bitcoind and Bitcoin-Qt | Exposure[6] | Easy | Predictable change output | 99.99% |
| CVE-2013-2292 | 2013-01-30 | bitcoind and Bitcoin-Qt | DoS[3] | Hard | A transaction that takes at least 3 minutes to verify | 0% |
| CVE-2013-2293 | 2013-02-14 | bitcoind and Bitcoin-Qt | DoS[3] | Easy | Continuous hard disk seek | 99.99% |
| CVE-2013-3219 | 2013-03-11 | bitcoind and Bitcoin-Qt 0.8.0 | Fake Conf[8] | Miners[9] | Unenforced block protocol rule | 100% |
| CVE-2013-3220 | 2013-03-11 | bitcoind and Bitcoin-Qt | Netsplit[1] | Hard | Inconsistent BDB lock limit interactions | 99.99% |
| BIP 0034 | 2013-03-25 | All Bitcoin clients | Fake Conf[8] | Miners[9] | Softfork: Height in coinbase | 100% |
| BIP 0050 | 2013-05-15 | All Bitcoin clients | Netsplit[1] | Implicit[2] | Hard fork to remove txid limit protocol rule | 99.99% |
| CVE-2013-4627 | 2013-06-?? | bitcoind and Bitcoin-Qt | DoS[3] | Easy | Memory exhaustion with excess tx message data | 99% |
| CVE-2013-4165 | 2013-07-20 | bitcoind and Bitcoin-Qt | Theft[10] | Local | Timing leak in RPC authentication | 99% |
| CVE-2013-5700 | 2013-09-04 | bitcoind and Bitcoin-Qt 0.8.x | DoS[3] | Easy | Remote p2p crash via bloom filters | 99% |
| CVE-2014-0160 | 2014-04-07 | Anything using OpenSSL for TLS | Unknown[7] | Easy | Remote memory leak via payment protocol | Unknown |
| CVE-2015-3641 | 2014-07-07 | bitcoind and Bitcoin-Qt prior to 0.10.2 | DoS[3] | Easy | OOM via p2p | 99.9% |
| BIP 66 | 2015-02-13 | All Bitcoin clients | Fake Conf[8] | Miners[9] | Softfork: Strict DER signatures | 99% |
| BIP 65 | 2015-11-12 | All Bitcoin clients | Fake Conf[8] | Miners[9] | Softfork: OP_CHECKLOCKTIMEVERIFY | 99% |
| BIPs 68, 112 & 113 | 2016-04-11 | All Bitcoin clients | Fake Conf[8] | Miners[9] | Softforks: Rel locktime, CSV & MTP locktime | 99% |
| CVE-2015-6031 | 2015-09-15 | MiniUPnPc Bitcoin Core/Knots prior to 0.11.2 | Anything | LAN | Buffer overflow | |
| BIPs 141, 143 & 147 | 2016-10-27 | All Bitcoin clients | Fake Conf[8] | Miners[9] | Softfork: Segwit | 99% |
| CVE-2016-8889 | 2016-10-27 | Bitcoin Knots GUI 0.11.0 – 0.13.0 | Exposure | Hard | Debug console history storing sensitive info | 100% |
| CVE-2017-9230 | ? | Bitcoin | ? | ? | ASICBoost | 0% |
| BIP 148 | 2017-03-12 | All Bitcoin clients | Fake Conf[8] | Miners[9] | Softfork: Segwit UASF | ? |
| CVE-2017-12842 | 2018-06-09 | No commitment to block merkle tree depth | ||||
| CVE-2016-10724 | 2018-07-02 | bitcoind and Bitcoin-Qt prior to 0.13.0 | DoS[3] | Keyholders[11] | Alert memory exhaustion | 99% |
| TBD | 2024-07-03 | Bitcoin Core/Knots prior to 0.15.0 | DoS[3] | Easy | OOM via fake block headers | |
| CVE-2016-10725 | 2018-07-02 | bitcoind and Bitcoin-Qt prior to 0.13.0 | DoS[3] | Keyholders[11] | Final alert cancellation | 99% |
| CVE-2018-17144 | 2018-09-17 | bitcoind and Bitcoin-Qt prior to 0.16.3 | Inflation[5] | Miners[9] | Missing check for duplicate inputs | 80% |
| CVE-2018-20587 | 2019-02-08 | Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases | Theft[10] | Local | No alert for RPC service binding failure | <1% |
| CVE-2017-18350 | 2019-06-22 | bitcoind and Bitcoin-Qt prior to 0.15.1 | Unknown | Varies[12] | Buffer overflow from SOCKS proxy | 94% |
| CVE-2018-20586 | 2019-06-22 | bitcoind and Bitcoin-Qt prior to 0.17.1 | Deception | RPC access | Debug log injection via unauthenticated RPC | 77% |
| TBD | 2024-07-03 | Bitcoin Core/Knots prior to 0.18.0 | DoS | Easy | Orphan transaction CPU tieup | |
| CVE-2019-12998 | 2019-08-30 | c-lightning prior to 0.7.1 | Theft | Easy | Missing check of channel funding UTXO | |
| CVE-2019-12999 | 2019-08-30 | lnd prior to 0.7 | Theft | Easy | Missing check of channel funding UTXO amount | |
| CVE-2019-13000 | 2019-08-30 | eclair prior to 0.3 | Theft | Easy | Missing check of channel funding UTXO | |
| TBD | 2024-07-03 | Bitcoin Core/Knots prior to 0.20.0 | DoS | Easy | Network buffer OOM | |
| TBD | 2024-07-03 | Bitcoin Core/Knots prior to 0.20.0 | CPU usage | Easy | Infinite loop via p2p | |
| TBD | 2024-07-03 | Bitcoin Core/Knots prior to 0.20.0 | DoS | Recipient[13] | OOM via malicious BIP72 URI | |
| CVE-2020-14199 | 2020-06-03 | Trezor and others | Theft | Social[14] | Double-signing can enable unintended fees | |
| CVE-2018-17145 | 2020-09-09 | Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0 | DoS[3] | Easy | p2p memory blow-up | 87% |
| CVE-2020-26895 | 2020-10-08 | lnd prior to 0.10 | Theft | Easy | Missing low-S normalization for HTLC signatures | |
| CVE-2020-26896 | 2020-10-08 | lnd prior to 0.11 | Theft | Varies[15] | Invoice preimage extraction via forwarded HTLC | |
| CVE-2020-14198 | Bitcoin Core 0.20.1 | DoS[3] | Easy | Remote DoS | 93% | |
| TBD | 2024-07-03 | Bitcoin Core/Knots prior to 0.20.2 | Netsplit[1] | Varies | Adjusted time manipulation | |
| CVE-2021-3401 | 2021-02-01 | Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1 | Theft | Hard | Qt5 remote execution | 64% |
| TBD | 2024-07-31 | Bitcoin Core/Knots prior to 22.0 with UPnP enabled | DoS | Local | OOM via LAN spam | |
| TBD | 2024-07-31 | Bitcoin Core/Knots prior to 22.0 | DoS | Easy | OOM via p2p spam | |
| CVE-2021-31876 | 2021-05-06 | Various wallets | ||||
| CVE-2021-41591 | 2021-10-04 | Lightning software | ||||
| CVE-2021-41592 | 2021-10-04 | Lightning software | ||||
| CVE-2021-41593 | 2021-10-04 | Lightning software | ||||
| BIPs 341-343 | 2021-11-13 | All Bitcoin nodes | Fake Conf[8] | Miners[9] | Softfork: Taproot | 57% |
| CVE-2022-31246 | 2022-06-07 | Electrum 2.1 until before 4.2.2 | Theft | Social | ||
| CVE-2023-50428 | 2023 | All Bitcoin nodes | DoS[3] | Easy | Bypass of datacarriersize limit using OP_FALSE,OP_IF | |
| CVE-2024-34149 | 2024-03-30 | Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 – 0.23.0 | DoS[3] | Easy | Script size limit not enforced for Tapscript |
Citations:
[1] https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
[2] https://www.linkedin.com/pulse/exposed-vulnerabilities-you-need-know-worlds-most-vicente-md
[3] https://www.mcafee.com/blogs/other-blogs/mcafee-labs/timeline-bitcoin-events-demonstrates-volatility/
[4] https://www.investopedia.com/news/largest-cryptocurrency-hacks-so-far-year/
[5] https://www.cyberdefensemagazine.com/bitcoin-blockchain-and-breaches/
[6] https://fortune.com/crypto/2023/11/17/early-bitcoin-wallets-flaw-hacker-vulnerability-exposed/
[7] https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2024/