Research: a vulnerability in delayed transactions allows the miners to steal each other's bitcoins
Over a million pending transactions on the bitcoin network between September 2019 and March 2020 were configured incorrectly, increasing the risk of an attack to steal cryptosoftware. The bug affects 2% of all bitcoin transactions, according to a developer study under the nickname 0xb10c.
Delayed transactions prevent the recipient from using the bitcoins immediately after enrolling. The sender can set any unlocking time based on the interval between the extraction of blocks in the network. The average value of this interval is about 10 minutes.
The delayed transaction method is used, for example, by Blockstream to pay their employees' salaries, thus encouraging them to do their job better - personal wellbeing of developers is directly related to the long-term value of the entire network.
0xb10c detected an array of pending transactions configured for the current block. These transactions make it less profitable to use malware for mining focused on block swapping and transactions to steal commissions.
In a CoinDesk comment, the developer added that such attacks are not a serious threat at the moment, as commissions are only a fraction of the revenue of the miners. However, in the future their danger will increase significantly:
According to the researcher, the solution to the problem was developed at the beginning of this year, but its full implementation will take time.
0xb10c found that the vast majority of these transactions were sent by one party, which he did not disclose.
In May, Andreas Antonopoulos named three major threats to Bitcoin this year, putting the interference in the cryptoindustry by politicians first.