Bitcoin Vulnerability Discovered By A Developer Has Been Flagged By The US Government

Last week, a Bitcoin developer Luke Dashjr raised alarm about a possible vulnerability in the network in relation to the Bitcoin Ordinals that could lead to a code exploit. After posting his findings to social media, Dashjr’s warnings were not taken seriously as community members believed it was a non-issue. However, the US government seems to be taking the vulnerability seriously, adding it to its vulnerability database.

Dashjr had first raised alarm about the bug in the Bitcoin network on December 6 through an X (formerly Twitter) post. As the developer explains, this bug was related to the BTC Inscriptions which have gained popularity in the last year. This capability has helped developers to create what could be referred to as Bitcoin’s version of non-fungible tokens (NFTs).

Elaborating on the mechanism of Ordinals, Dashjr explained that the Inscriptions were actually taking advantage of a vulnerability in the Bitcoin Core. Developers are able to hide their data as program code, thereby being able to bypass the preset limit on the size of extra data that can be included in BTC transactions.

Dashjr explained that he was working to fix this issue. However, the vulnerability remains as developers are still able to create inscriptions on the network. Even after being fixed in the “Bitcoin Knots v25.1,” the developer explains that the vulnerability still remains “in the upcoming v26 release.” As for when the vulnerability might be completely fixed, Dashjr said he hopes this will happen sometime in 2024.

As Bitcoinist reported, not everyone in the community agreed that this was actually a vulnerability. Some worried that if the ‘vulnerability’ is eventually fixed, Ordinals and BRC-20 tokens would disappear, to which Dashjr responded in the affirmative.

Despite the Bitcoin community not taking the warning of the vulnerability seriously, the United States government has chosen a more proactive approach. The National Vulnerability Database which is under the government agency, the National Institute of Standards and Technology (NIST), has moved forward to add the vulnerability to its Vulnerability List under ‘Common Vulnerabilities and Exposures.’

The agency has assigned the vulnerability with the code CVE-2023-50428 after identifying that it could be a potential risk for the network, especially when it comes to security or integrity. This means the agency believes this could lead to an exploit in the Bitcoin network.

The very existence of Ordinals and BRC-20 tokens is already identified as one of the ways that this vulnerability is already being exploited. Naturally, the agency is looking to prevent other ways in which the vulnerability could be further exploited in a way that could cause harm to its users.