- The only part of Bitcoin that can be described as central is its code base.
- Only a handful of maintainers can make changes to Bitcoin's code.
- But what happens if they are compromised?
What keeps the Bitcoin network running is a set of rules. Six hundred and forty-six thousand lines of code, which determine how transactions are processed and set Bitcoin’s financial cap, are stored in one public repository on the GitHub file hosting platform.
Only a few have access.
Although Bitcoin’s network is decentralized, this is arguably the most central – and possibly its biggest – weakness. What would happen if someone managed to infiltrate this code, and insert a bug into Bitcoin’s own network? Could a government make a concerted effort to shut down the whole system?
We decided to run this thought experiment, push it to its limits and analyze if there is a potential weakness here. We spoke with Bitcoin experts and developers to understand how the system works, and whether an attack could be carried out.
What we found is that there are many areas of potential attack but the system is fairly robust in handling them. Here’s how an attack could go down.
Who are the maintainers of Bitcoin?
First, we need to understand how the system works.
Bitcoin Core maintainers are the only people who can make significant changes to Bitcoin's code in the GitHub repository. Although the project's official website does not specify exactly who has this responsibility, according to bitcointalk.org, only six people have commit access. They are: Wladimir van der Laan, Jonas Schnelli, Marco Falke, Samuel Dobson, Michael Ford and Pieter Wuille.
Bitcoin is an open source project, so maintainers are not formally appointed. Instead, the privilege is extended on an ad hoc basis by existing maintainers when someone shows the right qualifications to get a seat at the table.
Gavin Andresen, founder of the Bitcoin Foundation, according to reports chose Van der Laan as chief maintainer of Bitcoin, the person primarily responsible for uploading changes to Bitcoin Core.
To update the Bitcoin codebase, the team of Bitcoin maintainers reviews code proposed by one of thousands of Bitcoin developers and, if it is good enough, approves it.
This is where PGP keys come in.
Every Bitcoin maintainer has a PGP key. PGP stands for Pretty Good Privacy, and its keys are used to sign, encrypt and decrypt texts, emails, files, and other forms of communication or information.
Since the Bitcoin codebase is publicly stored on GitHub, anyone can propose a change to it. To prevent anyone editing the codebase ad infinitum, no change is made unless a maintainer signs it with their PGP key.
Jameson Lopp, CTO of Bitcoin self-custody solution provider Casa, said the maintainer role is not much of a key-man risk. “Although there are a handful of GitHub ‘host’ accounts at the organization level that have the ability to merge code into the main branch, this is more of a gatekeeper function than a power site.”
But Bitcoin is fond of the phrase “don’t trust, verify.” So let’s do just that.
Unauthorized access to Bitcoin Core
Whichever way we slice it, anyone who attacks the system, even someone who works for GitHub, is going to need access to one of the maintainers’ PGP keys.
“Someone working for GitHub could maliciously alter the code in the Bitcoin Core repository. This is why they sign declarations with a PGP key. If the code on GitHub has been maliciously changed, then the signatures will not match,” Bitcoin researcher Andrew Yang told Decrypt.
But what if an attacker really did get their hands on a PGP key?
“If one of those keys is dropped, an attacker could potentially modify the code in the repository,” Elias Strehle, a researcher at Blockchain Research Lab, told Decrypt.
Should that happen, however, Bitcoin's maintainers have a solution, theoretically at least.
“I assume that Bitcoin maintainers would quickly create a new repo with new PGP keys, upload the undamaged code and ask the community to use the new repo instead of the corrupt ‘Bitcoin Core’ repo,” added Strehle.
So that attack should fail, but an internal job could be more damaging.
What if a maintainer goes rogue?
So far, we’ve learned who the Bitcoin maintainers are, and that attacking Bitcoin Core by stealing a PGP key from a maintainer is unlikely to work. Now, let’s consider what would happen if one of Bitcoin’s own maintainers was compromised, or even went rogue.
Theoretically, a malicious maintainer could upload malicious code, hide it in plain view, and pray that no one notices.
“Due to the variety of actors who have to accept changes, it is quite difficult to sneak a malicious change into Bitcoin Core, but it might be possible as part of an upgrade that most people think is good,” Harry Halpin, CEO of Nym Technologies, a team of programmers working on internet privacy, told Decrypt, adding, “A really bad change would have to sneak into an upgrade that most people like!”
However, this is unlikely to work. For one, it’s unlikely that the rest of Bitcoin’s maintainers, or any of thousands of Bitcoin developers, would fail to notice the malicious code. But even if that did happen, there is another defense.
“I think it gets caught by the signature verification script the next time someone submits a pull request or tests,” Bitcoin developer Thomas Kerin told Decrypt. That is, if a rogue maintainer tried to bury some bad code in the codebase without being noticed, the next time an update came, it would lead to a contradiction in the code.
“Every developer’s attention would immediately turn to what happened,” Kerin added.
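The signing rule and the verification step described above can be sketched as follows. This is an added example, not Bitcoin Core's own verification script; the function names are hypothetical, and the commit ids and key fingerprints are constructed placeholders.

```shell
#!/bin/sh
# Input lines: "<commit> <status> <fingerprint>", the shape printed by
#   git log --format='%H %G? %GF' <last-audited-commit>..HEAD
# %G? is git's signature status: G good, U good but key validity unknown,
# B bad, N unsigned, X/Y/R expired or revoked, E cannot be checked.

# audit_signed_log PINNED_FILE: reads log lines on stdin, prints one REJECT
# line per commit that fails policy, returns 1 if any commit was rejected.
audit_signed_log() {
    pinned=$1
    rc=0
    while read -r commit status fpr; do
        [ -n "$commit" ] || continue
        case $status in
            G|U)
                # Valid signature: accept only if the signing key is one of
                # the pinned maintainer fingerprints (one per line).
                if [ -n "$fpr" ] && grep -qxF -- "$fpr" "$pinned"; then
                    continue
                fi
                echo "REJECT $commit unpinned-key ${fpr:-none}" ;;
            N) echo "REJECT $commit unsigned" ;;
            B) echo "REJECT $commit bad-signature" ;;
            *) echo "REJECT $commit status-$status" ;;
        esac
        rc=1
    done
    return "$rc"
}

# Constructed sample: placeholder commit ids and fingerprints, not real ones.
sample_log() {
    cat <<'EOF'
c0mmit01 G AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111
c0mmit02 N
c0mmit03 G BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222
c0mmit04 B AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111
EOF
}

# demo: AAAA... is pinned; BBBB... stands for a key dropped from the pinned
# list after compromise, so even its valid signature is refused.
demo() {
    pins=$(mktemp) || return 2
    echo "AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111" > "$pins"
    sample_log | audit_signed_log "$pins" && result=0 || result=$?
    rm -f "$pins"
    return "$result"
}
demo || echo "audit failed: do not build from this range"
```

Pinning fingerprints in a file kept outside the repository means a key that is known to be compromised is retired by deleting one line, independent of what the hosting platform shows.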
If a rogue maintainer is unlikely to succeed in his or her attempt to damage Bitcoin, the maintainers may not be as powerful, or as important, as they first appear. To this point, Bitcoin seems relatively safe, but our thought experiment is not over yet.
What if all the maintainers were kidnapped?
Stay with us here, but let’s just say the maintainers were kidnapped, word did not spread quickly enough to the community, and a sizeable chunk of users pulled a Bitcoin release carrying the attacker’s code.
Some of the world’s most powerful governments have a well-documented contempt for decentralized currency, so it is possible that one of those governments could try to hurt the Bitcoin network.
First, there is the overt takeover, where the bad actor lets the world see their actions.
All the maintainers, including Van der Laan, would be arrested, and the bad actor would immediately start trying to impose a damaging update on Bitcoin Core. This approach would be unlikely to succeed. “The community forks the repository, takes the last good commit, and starts over from there,” Kerin told Decrypt.
But there is a second, more daring approach: covert takeover. Here, the attacker could kidnap the maintainers, steal their PGP keys, and release source code with a secret backdoor built into Bitcoin Core. This scenario also has its limitations.
“I don’t think you could do this in so many countries without the family getting the word out,” said Kerin.
Either way, if something like this did happen, Bitcoin would likely fork.
“The manipulated nodes and the healthy nodes would probably not be able to reach a consensus on the state of the blockchain, thus creating a fork where one branch is malicious and one healthy,” Strehle also said.
Instead of being deployed automatically across the vast network of Bitcoin nodes, each new update is accepted or declined by the individual node operator. This avoids imposing unwanted code on users who do not agree with the update, and it is a great defense in this hypothetical situation.
“The code is not pushed from the repo to the nodes. The attacker's code can only become active if node operators actively pull it from the repo,” said Strehle (emphasis added), adding that if there was a hack, this could happen in the short term, but word would spread quickly in the community.
Bitcoin miners will protect themselves
A further protection is that Bitcoin miners are motivated to check for malicious code, and to stay clear of it.
Adam Back, CEO and co-founder of the blockchain technology company Blockstream, told Decrypt that it is worth emphasizing how unlikely it is that a node operator would ever want to update to nefarious code. “I don’t think it hurts people other than the financial security of the node operators themselves,” said Back.
This is because each individual node operator decides whether to pull updates from the GitHub repository. As Back added, “A node sending invalid blocks will be disconnected from other nodes, and a node sending old blocks will be ignored by other nodes sending more recent blocks.”
That is, it is quite unlikely that the attacker’s code will be accepted by enough node operators to get any real traction. “It would be very obvious that the blockchain wouldn’t match and so it would fail and be rejected,” Jason Deane, a Bitcoin analyst at Quantum Economics, told Decrypt.
So if this government-led attack sounds unrealistic to you, that’s because it is.
Maintainers and secret keys may make opponents of centralization a bit uneasy, but ultimately, Bitcoin is out in the open, and anyone can pick up where the good work left off.
“If you’re a hacker and you get your hands on a PGP key for the Bitcoin Core repo, you have about the same options as a streaker running on a football pitch,” Strehle concluded, adding, “You can draw a lot of attention, cause some confusion, maybe interrupt the game for a while, but that’s it.”