Considering the number of polarizing conflicts that go on between the Bitcoin and Bitcoin Cash communities, it would probably be a shock to many that a Bitcoin Core developer reached out to the Bitcoin Cash project and helped repair a potentially crippling community.
But this is precisely what happened, according to Cory Fields, a Bitcoin Core developer.
“On April 25, 2018, I anonymously and privately disclosed a critical vulnerability in Bitcoin Cash, one of the world’s most valuable cryptocurrencies—not to be confused with Bitcoin. A successful exploit of this vulnerability could have been so disruptive that transacting Bitcoin Cash safely would no longer be possible, completely undermining the utility (and thus the value) of the currency itself. Instead, the vulnerability was fixed without incident, and publicly disclosed on May 7, 2018,” he wrote in his Medium blog.
Fields’ disclosure of his reporting of the bug on Friday, at least according to him, is not “a slight against Bitcoin Cash” but rather an exposition of a real-world scenario that could be used to educate individual developers on the responsibilities that they have and the dangers that they could expose millions of people to. It is, in his words, “a wake-up call to companies who have not adequately prepared for this type of scenario”.
The Bitcoin ABC incident report agrees that a hacker indeed could have crippled the Bitcoin Cash network. In its conclusion, the developers thanked whoever disclosed the vulnerability, adding that “they provided a clear and professional report”.
At the time, the developers did not know that the report was made by Cory Fields, but that knowledge is unlikely to change anything at this point.
The May 17 hard fork of Bitcoin Cash, which released the 0.17.0 version of Bitcoin ABC, included the fix as well as an increase in block size to 32 MB.
Since Bitcoin Cash split from the original Bitcoin mainnet, two other forks of the cryptocurrency have appeared: Bitcoin Clashic and Bitcoin Candy.
At this point, administrative announcements from both coins give no indication that they’ve spotted this vulnerability, meaning that they might still have it in their code, even after the May 10 update that Bitcoin Candy underwent.