The DDoS vulnerability, identified as CVE-2018-17144, has been found in the Bitcoin Core wallet software, which could potentially be exploited by anyone capable of mining BTC to crash Bitcoin Core nodes running software versions 0.14.0 to 0.16.2.
In other words, Bitcoin miners could have brought down the entire blockchain either by overflooding the block with duplicate transactions, resulting in blockage of transaction confirmation from other people or by flooding the nodes of the Bitcoin P2P network and over-utilizing the bandwidth.
The vulnerability had been around since March last year, but the team says nobody noticed the bug or nobody was willing to incur the expense of exploiting it.
According to the bitcoin core developers, all recent versions of the BTC system are possibly vulnerable to the Distributed Denial of Service (DDoS) attacks, though there's a catch—attacking Bitcoin is not cheap.
The DDoS attack on the BTC network would cost miners 12.5 bitcoins, which is equal to almost $80,000 (£60,000), in order to perform successfully.
The Bitcoin Core team has patched the vulnerability and are urging miners to update with the latest Bitcoin Core 0.16.3 version as soon as possible.
"A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible," the vulnerability note reads.
Although the team says that the miners running Bitcoin Core only occasionally are not in danger of such attacks, it would obviously be recommended to upgrade to the latest software version as soon as possible just to be on the safe side.
In addition to the DDoS vulnerability, the latest version also includes patches for a non-insignificant number of minor bugs, related to consensus, RPC and other APIs, invalid error flags, and documentation.
After upgrading to the latest version—the process that will take five minutes to half an hour depending upon the processing power of your computer—users should note that the new wallet will have to redownload the entire blockchain.