“Shock” is perhaps the word that best describes the mood ever since one of bitcoin’s most severe bugs was discovered and patched last week.

As the community reels over the vulnerability that was hiding in the code for two years, and that could have been exploited to print more bitcoins than the 21 million is hard-coded to be produced, developers are wondering: Is there a way to prevent such a severe bug from being added to the code again?

Days after the discover, there hasn’t been any formal proposals. But that’s not to say the event hasn’t prompted discussion about how bitcoin works and how similar bugs in the cryptocurrency’s most popular software implementation, Bitcoin Core, can be identified and resolved in the future.

It’s an important question, too – What if a malicious actor had found the exploit first? What if there are other hidden bugs in the code right now?

To this point, pseudonymous bitcoin subreddit moderator ‘Theymos’ urged the community not to forget the bug.

He argued it was “was undeniably a major failure” in a widely-circulated post, adding:

“If all of Bitcoin Core’s policies and practices are kept the same, then it’s inevitable that a similar failure will eventually happen again, and we might not be so lucky with how it turns out that time.”

That said, there’s an argument to be made that Bitcoin Core, powered by an open network of global participants, now has a more robust process for code review than at any time in the technology’s history.

Right now, the implementation has more developers than ever contributing to the open-source codebase. And it is tested quite a bit; by one estimate, tests make up nearly 20 percent of the codebase.

The community’s ‘fault’

Still, developers argue more could be done to make sure the digital money works smoothly.

Theymos thinks one avenue would be to build “more sophisticated” tests tailored at locating severe, but hard to find bugs, like the one last week. “Perhaps all large bitcoin companies should be expected by the community to assign skilled testing specialists to Core,” he continued, adding:

“Currently a lot of companies don’t contribute anything to Core development.”

Bitcoin Core contributor James Hilliard stressed much the same, suggesting that developers can increase the “amount” and “quality” of testing. Though, this might be easier said than done. Bitcoin Core contributor Greg Maxwell agreed in Theymos’s thread that testing is important, but the quality and detail of the tests is important.

“Directing more effort into testing has been a long-term challenge for us, in part because the art and science of testing is no less difficult than any other aspect of the system’s engineering. Testing involves particular skills and aptitudes that not everyone has,” Maxwell said.

This sort of expertise is hard to find.

“Bitcoin development is largely bottlenecked by code review and there are not a large amount of people out there who are able to do that,” Hilliard told CoinDesk.

Yet, many others believe the responsibility shouldn’t only rest on developers. A common sentiment shared was that as a decentralized project with no leaders, keeping bitcoin free of errors is a shared responsibility.

“My main problem with a lot of the backlash is people pointing at specific developers to assign blame. The entire project is open, there is no ‘membership’ and users have just as much of a responsibility to audit code as developers actively contributing,” pseudonymous bitcoin enthusiast Shinobimonkey told CoinDesk.

Such a sentiment was shared by Bitcoin Core maintainer Wladimir van der Laan who tweeted, “It was wrong that the buggy code was merged. Yes, we screwed up but the ‘we’ that screwed up is very wide. The whole community screwed up by not reviewing consensus changes thoroughly enough.”

Chaincode engineer John Newberry agreed. Even though he didn’t write the buggy code, he argued that as a developer in the bitcoin world, he played a role in the error, too, by not looking closely enough.

He went as far as to say that the code in question had looked funny to him. Yet, he assumed others had already checked.

“Instead of verifying for myself, I trusted that people smarter and wiser than I am had it covered. I took it for granted that someone else had done the work,” he stated.

Multiple Bitcoin Cores

Still, some argue there will always be a risk of bugs.

“There’ve been bugs in bitcoin before and there’ll be bugs again. It’s just software. There’s nothing magical to it,” tweeted Blockstream COO Samson Mow.

Along these lines, there’s another popular idea floating around.

Today in bitcoin, there’s one main bitcoin software, Bitcoin Core, run by 95 percent of bitcoin nodes. (At least that’s according to one count – interestingly, there’s no way to see every bitcoin node, because some nodes want more privacy and don’t advertise their existence to the rest of the network.)

One idea, then, is to make more bitcoin code implementations. That way if one implementation has a disastrous bug that crashes the network, the other implementations could still be fine, keeping bitcoin as a whole running.

And to a certain degree, this already exists. There are lesser-known code implementations, such as Bitcoin Knots and Btcd. Elsewhere in the cryptocurrency world, this is becoming the norm. For instance, ethereum has two dominant implementations, geth and parity, each of which can be used by anyone running the software.

Still, many bitcoin developers worry that adding more than one implementation could introduce problems that would be even worse than last week’s vulnerability.

“What many people do not realize is that having people run different implementations makes it easier for attackers to partition the network,” Bitcoin Core contributor Andrew Chow argued in a conversation outlining the pros and cons.

As such, developers don’t necessarily agree on exactly what needs to be done.

Theymos perhaps put it best when he said:

“I don’t know exactly how this can be prevented from happening again, but I do know that it would be a mistake for the community to brush off this bug just because it ended up being mostly harmless this time.”

Japanese financial authorities are ramping up their scrutiny into the domestic crypto exchange sector after last week’s ¥6.7 billion ($60 million) hack of Tech Bureau’s exchange Zaif.

In an announcement today, Japan’s Ministry of Finance struck Osaka-based Tech Bureau, operator of the licensed cryptocurrency exchange Zaif, with “administrative penalties” wherein the latter sees a number of enforced mandates in the aftermath of last week’s hack.

Specifically, the company is now required to determine the facts and the cause behind the theft, as well as formulate and execute measures to prevent another hack. Pointedly, the company is also tasked to determine the attackers behind the hack.

Further, the exchange operator will also need to respond to customers to assess damages in an adequate manner.

This is Tech Bureau’s second business improvement order in the space of three months.

Tech Bureau disclosed details of a sizeable hack involving the theft of ¥6.7 billion (just under $60 million) in bitcoin, bitcoin cash and monacoin from the exchange’s ‘hot wallets’ (online wallets that are more vulnerable to theft than offline, cold-storage wallets).

The hack initially occurred between 1700 and 1900 local time on September 14. Tech Bureau reported the breach to the Financial Services Agency (FSA), Japan’s financial regulator, prompting an investigation into the breach that ultimately led to today’s action.

As reported previously, Tech Bureau revealed plans to sell a majority of its shares to a publicly-listed financial firm in an agreement that will see the operator gain a cash injection of ¥5 billion (approx 45 million). These funds will directly help reimburse an estimated ¥4.5 billion ($40 million) stolen from customer accounts.

The exchange operator also sees a deadline to submit written reports revealing its own investigation into the theft and its progress on implementing improved measures after its first business improvement order, issued by the FSA, in June.

The incident draws parallels to the $530 million theft of Coincheck in January, the biggest crypto exchange hack in history. By April, the Tokyo-based exchange was wholly acquired by Japanese financial brokerage giant Money for ¥3.6 billion ($33.5 million).

While the thefts have unquestionably raised concerns – Japan’s National Police claim crypto theft has tripled in the first half of 2018 – about the security and reputation of  Japan’s domestic cryptocurrency exchange industry, it has scarcely dampened the ever-growing appetite for crypto adoption in Japan. Earlier this month, the FSA revealed it is expecting in excess of 160 applications from companies seeking licenses to launch cryptocurrency exchanges in Japan’s regulated market which already sees the likes of YahooLINE and Rakuten operating exchanges.

One of the world’s largest cryptocurrency and bitcoin mining companies, Bitman’s Antpool, has entered into a sponsorship agreement with popular NBA team Houston Rockets.

A Step Towards Expansion

The partnership signed by both outfits is for the 2018-2019 professional season and will stand out as one of the significant moves by the China-based company towards achieving its expansion goals into the Houston area. At the same time, this joins in the increasing number of similar awareness and publicity programs being experienced by cryptocurrency in recent times, especially in associating with the sporting industry.

According to AntPool overseas operations manager Haijiao Li, there is no better way for his company to continue with its momentum in expanding to the U.S. than partnering with the Houston Rockets. He describes the NBA outfit as most popular team in China — Chinese Hall of Famer Yao Ming played for the Rockets — and a legendary basketball club with global recognition.

“We’re excited to work with AntPool as a conduit in the U.S. for their ever-growing business,” added Rockets vice president of corporate development John Croley. “The Rockets are always looking to stay ahead ofthe curve with technology both on and off the court and AntPool’s prowess with crypto currency makes for agreat partnership.

It is obvious knowledge that the crypto industry is still trying to find its way into the mainstream. This phenomenon requires a lot of awareness and proper education in order to encourage reasonable adoption. Efforts such as these are becoming more popular in the industry and also seem to be delivering expected results.

An Important Development For Crypto

Bitmain Antpool Houston Rockets
Source: Bitmain

Li acknowledges the increasing number of mainstream cryptocurrency partnerships as an important step towards the conversion of consumers to adopt and understand bitcoin and other digital assets.

“As the cryptocurrency industry around the globe continues to evolve and develop, it is going to be more and more important for companies like AntPool to lead the conversation and conversion of consumers to adopt and understand digital currencies. It is an exciting time, and we welcome Rockets fans and those traveling to Houston to visit our showcase at Toyota Center and learn more about the technology that will change the world.”

Prior to this time, CCN reported similar partnerships by other cryptocurrency companies with a number of sporting outfits both in the field of baseball and football, among other sports. The reason for such partnerships is easy to understand based on the volume of audience that professional sports teams attract. This same philosophy is being applied by companies that partner with celebrities in the entertainment industry.

If there is one thing that the cryptocurrency industry needs now, it is awareness and proper education. Therefore, while individual companies make efforts for their own publicity and expansion, the overall positive impact that they have on the industry at large cannot be overemphasized.

In an exclusive interview with CCN, the CEO of the world’s largest Bitcoin ATM network took a hard stance against those who believe in a world where Bitcoin and its peers can survive unregulated.

Sheffield Clark, whose company — Coinsource — recently installed 17 new Bitcoin ATMs in Florida, stated that cryptocurrency is not a viable or realistic payment solution at this time, citing it as a major obstacle to be overcome for all in the space.

“With the time and cost that it takes to use Bitcoin to pay for everyday items as currently constructed, is not realistic for most people to use it in this way. It doesn’t make sense for them to. It is not easier or more cost efficient than traditional financial instruments at this time.”

Clark pointed out that BTC’s best use case at the moment is that of a speculative investment or means of trading and investing in other virtual currencies, something he says is evident from the use of the Coinsource Bitcoin ATM network, which is often used to exchange cash for bitcoin, which is in turn invested in altcoins for speculative purposes.

The CEO pointed out that the “primary Bitcoin ATM customer” comes from the one-third of the world’s population which are unbanked, leaving them with no choice other than cash or bitcoin. While the speculation is good for traders, Clark states that the volatile and speculative nature of the space makes life difficult for those turning to cryptocurrency out of necessity.

“You can get Bitcoin more into the mainstream media, put more kiosks on the streets, make it more easily accessible for all, and further educate the masses on its adoption, but until it is practical for someone to be able to buy a gallon a milk with it or put their life savings into it without having the risk of losing 20% of it in a week – adoption a high level by the general population will continue to be very slow if not stagnant.”

Sheffield said that many of Coinsource’s customers use cash to purchase bitcoin so that they can trade for altcoins.

Like many of our recent interviewees, such as Coinbase UK CEO Zeeshan Feroz, Clark feels that more regulation is the solution to many of the problems in today’s crypto space. He lamented the lack of regulation and the lack of continuity between individual states and the federal government, comparing this to marijuana regulation in the U.S., which varies greatly from state to state.

“The only consistency that I see between the states and the federal government regarding Bitcoin is the total lack of enforcement when it comes to the few regulations that are in place.”

This lack of regulation is a major problem in Clark’s eyes, and he doesn’t have much time for those who feel otherwise.

“Those with the idealistic belief that one of the most noble ideals about Bitcoin is that it was created as an “unregulated” currency are fools to believe that it actually survive, much less thrive in that environment. The truth is that Bitcoin and the companies behind it are regulated by the banks in which they depend upon in which to grow their business.

Without any firm regulation from the government, these banks can put whatever restrictions they want onto those companies, resulting in those companies having to comply with much stricter standards than those that would be regulated directly by the government itself – and it’s to the banks’ advantage because at some level Bitcoin is a competitor to their traditional financial instruments whether they want to admit it or not.”

Clark stated that the other option for businesses is to simply operate without a bank account, leading to higher overhead costs and higher fees for consumers. Coinsource markets itself as having the lowest fees of any competitors, and Clark expressed disbelief over the fact that there are people buying bitcoin at markups as high as 25%, something which he feels will be curbed with a more defined regulatory framework.

The 2017 Bitcoin Mining Mania

At the height of Bitcoin mania in 2017 when the price was surging rapidly, miners flocked to Iceland. With its rich geothermal potential and cheap energy, the Arctic island proved a haven for Bitcoin mining companies looking to make huge profits.

Thus, giants like BitFury, Genesis, etc. came into the domestic scene, outmuscling the local cryptocurrency mining enthusiasts. Such was the scale of the virtual currency mining craze that a high-profile Bitcoin mining heist even occurred at the start of 2018. In April, Dutch police apprehended the suspected mastermind of the “Big Bitcoin Heist” that saw the theft of 600 BTC mining computers worth about $2 million.

Bitcoin mining

There is no consensus for the exact nature of the power consumed by cryptocurrency mining activities. However, everyone agrees that the process expels a lot of heat. Thus, the cold climate in the country plus its low electricity tariffs make it a prime location for establishing mega cryptocurrency mining facilities.

Avoiding Another Economic Collapse

In recent times, however, the massive decline in cryptocurrency prices appears to be taking its toll on the mining sector. HashFlare, a popular cloud mining platform, recently discontinued its BTC mining service.

Understandably, stakeholders in the country do not want another repeat of the 2008 financial crisis where the country’s currency plummeted by more than 60 percent. By April 2018, when the Bitcoin price was somewhere in the mid-$7000 region, some experts predicted a likely collapse of the Icelandic BTC industry.


A Diversified Cryptocurrency Economy

Stakeholders like Halldór Jörgensson, the head of the Borealis Data Center in Keflavik, believe the emphasis should be on diversifying the country’s cryptocurrency industry. Speaking to Red Herring, Jörgensson said:

The demand is shifting more towards the pure blockchain business. So, you could say that the bitcoin wave, the big wave of bitcoin demand, has helped us to build out really fast because there were really aggressive or interested parties who wanted to do things and we managed to do the build-out.

Recently, billionaire tech VC Tim Draper predicted that the global cryptocurrency market would reach $80 trillion. Already, countries like Malta are expanding their capacity building efforts in several aspects of the emerging industry. Iceland could follow suit, becoming one of the global blockchain technology hubs.


The discovery of the bug and the Core developers attempts to address it have caused ruffled feathers in the crypto community. Allegations of incompetence and bad-faith have been leveled by members of both the Bitcoin (BTC) $6737.25 -0.27% and Bitcoin Cash community as developers attempt to patch the bug.

CVE-2018-17144 was initially reported as a potential denial of service bug, but developers on the Core team discovered the root issue impacted both denials of service and inflation vulnerability. The Bitcoin Core team has released a timeline in its announcement about the bug, showing the steps undertaken as the team went from being made aware of the bug’s existence to releasing a patch.

The CVE-2018-17144 bug originated in Bitcoin Core .15, originating as part of a change which was designed to help simplify the tracking of unspent transaction output. This change left Bitcoin versions .15X through .16.2 vulnerable to the bug — as well as any altcoins or forked versions of Bitcoin that were still using code containing the bug.

Crucially, the implantation of the code which caused the bug was led by the same developer who was integral in implementing the fix. This has added to suspicions that the release of the patch was not handled correctly.



Worryingly for many, the bug had been sitting undiscovered in the code for two years, raising concerns about what other issues may be lurking in Bitcoin just waiting to be exploited. In a post from Medium contributor Awemany, it’s noted that it would have been just as easy for him to short BTC — and exploit the bug — as it was for him to report the bug the Core team.

The Bitcoin Core team has been heavily criticized for the manner in which they rolled out the announcement about both the bug and the patch. For Bitcoin and many of the altcoins which rely on the same code, the decision to announce the bug and patch without consulting members of the altcoin networks that would have been impacted by a successful exploit was seen by some as political and mean-spirited.   

Despite the promise of decentralization and transparency promised by crypto advocates, the CVE-2018-17144 episode illustrates just how dependent many projects are on the decisions made by a relatively small number of members of the community. If the actors in this saga had made a handful of decisions differently, billions of dollars of value could have been wiped out. Hopefully, this episode leads to clearer standards around bug discovery and patching, and a more harmonious culture between various developer teams.

Galaxy Digital CEO and infamous Bitcoin (BTC) supporter Michael Novogratz says cryptocurrency markets have hit “seller fatigue,” repeating his belief that prices have bottomed, various media outlets report Friday, September 21.

As part of his comments at Yahoo Finance’s second annual “All Markets Summit,” Novogratz, who last week “called a bottom” for crypto on social media, said Bitcoin’s price drops throughout this year had demonstrated its new stability.

“Bitcoin has held $6,000. Yes, it is off its highs, but it has established itself as a store of value,” he told the audience quoted by Reuters, adding:

“I think institutions are moving towards investing. It’s shocking how much has happened.”

Both Bitcoin and major altcoins were seeing a renaissance Friday after a week of flat performance, with BTC/USD climbing to highs above $6700 at press time.

Ethereum (ETH) delivered gains of almost 11 percent in 24 hours, hitting $230 for the first time since September 6.

Continuing, Novogratz additionally likened the current climate in cannabis stocks to how Bitcoin and Ethereum were in 2017.

“The prices of cannabis stocks today feel like bitcoin and ethereum did in December of last year,” CNBC quotes him as saying, forecasting the market to grow “relatively rapidly.”

Thursday, September 20, saw U.S. regulators again postpone a decision on a Bitcoin exchange-traded fund (ETF) application by VanEck and SolidX, with prices starting to rise soon after the news became public.

Bitcoin Core developers published a “full disclosure” of the vulnerability affecting several implementations of the Bitcoin (BTC) client Friday, September 21, repeating calls for all nodes to upgrade to the latest version as a priority.

In addition to technical details about the bug, known as CVE-2018-17144, the disclosure explains how developers dealt with the threat to the Bitcoin network, along with a timeline of its discovery and patching in Bitcoin Core version 0.16.3.

“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade,” the notice reads.

CVE-2018-17144 had spooked the Bitcoin technical community when an anonymous party reported it this week, with Bitcoin.org creator Cobra describing its potential impact as “very scary.”

“At this time we believe over half of the Bitcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability,” the disclosure continues, adding:

“However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.”

The impetus to upgrade at the current time appears not to be shared unanimously, with Bitcoin Core developer Luke-jr subsequently claiming the update publication was “premature.”

“[In my opinion] this is being disclosed way too prematurely (only 2% of the network has upgraded), but the cat’s out of the bag,” he wrote on Twitter, nonetheless urging followers to upgrade “ASAP!”

The U.S. Securities and Exchange Commission (SEC) announced Thursday that it has begun proceedings to decide whether to approve a proposed bitcoin exchange-traded fund (ETF).

The SEC published an “order instituting proceedings to determine whether to approve or disapprove a proposed rule change” filed by Cboe BZX Exchange, Inc. If approved, Cboe would have the green light to list a bitcoin ETF pitched earlier this year by money management firm VanEck and crypto startup SolidX.

As part of that process, the SEC wants more input from the public – to date, according to the agency, more than 1,400 comments have been submitted.

SEC secretary Brent Fields wrote in the order:

“Institution of such proceedings is appropriate at this time in view of the legal and policy issues raised by the proposed rule change. Institution of proceedings does not indicate that the Commission has reached any conclusions with respect to any of the issues involved. Rather, as described below, the Commission seeks and encourages interested persons to provide comments on the proposed rule change.”

Under the terms of the proposal, VanEck and SolidX would create a bitcoin trust, in which SolidX would list shares. The SEC has already delayed making a decision on the matter once, and can potentially delay making a final decision through February under existing regulations.

Last month, the SEC made waves after it moved to reject nine proposed bitcoin ETF proposals – only to reverse course soon after and launch a review of those decisions. It remains to be seen when that separate process will be completed.

The computing giant first filed the patent in March 2017, detailing how blockchain could be used to securely store data associated with unmanned aerial vehicles (UAVs) — more commonly known as drones. The patent notes that a blockchain system can provide “effective techniques for managing data related to a UAV […] particularly when a security risk level is considered to be relatively high.”

According to the filing, such data may include the drone’s location, its manufacturer and/or model, its flying behaviour (“e.g. erratic”), the model’s capabilities such as camera resolution, contextual information such as weather conditions, and the vehicle’s proximity to restricted or forbidden flight zones

The patent filing suggests that transaction data could be added “more frequently” as a block to the chain if and when a risk level is considered to be high. In terms of managing privacy concerns, if a drone is equipped with a high-resolution sensor, for example, the filing proposes that this could be recorded on the blockchain, with additional data transactions added whenever the sensor is detected to be activated.

As such, according to the filing, a shared and immutable ledger can enable multiple parties — which could include other drones, airspace controllers, regulatory bodies, and so forth — to participate as peers in managing risk. Validator nodes within the network could moreover grant special permissions, using the transparently stored data to verify that a drone has the authorization to fly in a particular zone.

The patent further proposes that smart contracts could be used to interface the blockchain system with extra information generated by machine learning models or other algorithms that compute historical data, both on- and off-chain. Such off-chain data could comprise, for example, raw video streaming data that has been capture during the drone’s flight.

IBM has been steadily expanding its involvement in blockchain across diverse fields, this summer signing a seminal five-year $740 million deal with the Australian government to use blockchain to improve data security and automation across federal departments.

Fresh data published late August revealed that IBM is vying with Chinese e-commerce giant Alibabafor the top spot on a new list ranking entities by the number of blockchain-related patents they have filed to date. Having filed 89 blockchain patents, IBM was only just outflanked by its rival — which filed 90.