Bitcoin Testnet Under Attack


News Slider
Bitcoin Testnet Attack

0.1BTC were made out of thin air on Bitcoin Testnet on September 26. The attacker showed that it’s possible to exploit the inflation vulnerability bug. Reddit users have warned the community that the Bitcoin Testnet is under attack. They called honest miners to help in defending the network.

Apparently, an attacker is mining the invalid-rules chain, the one built before they fixed the latest bug. They have exploited the Bitcoin Core’s bug CVE-2018-17144 to generate 0.1BTC on Testnet. You can see the transaction heretogether with the double spend in input script.

Echeveria, the operator of one mining pool, said that his pool is mining on a valid chain. He called honest miners to connect to it to help the Bitcoin Testnet.

Bitcoin’s Inflation Vulnerability Bug

On September 18, Bitcoin Core developers resolved CVE-2018-17144, Denial-of-Service and inflation vulnerability bug on the Livenet, in Bitcoin Core versions 0.16.3 and 0.17.0rc4. John Newbery, the QA developer of Bitcoin, claimed responsibility for not noticing the bug. However, community mostly responded by showing gratitude for his volunteering efforts and diluted the responsibility to everyone who overlooked the development.

A week after the announcement, over half of the Bitcoin hashrate had already upgraded to patched nodes. The community was unaware of any attempts to exploit this vulnerability until today’s attack on Testnet.

It is important to note that even if they had fully exploited the CVE-2018-17144 bug on Livenet, the damage would have probably been reverted as in the case of Value Overflow incident.

Value Overflow Incident

Value Overflow incident happened on August 15, 2010, when the community discovered over 184 billion new Bitcoins on a block 74638. This was possible because the code used for checking transactions didn’t account for outputs so large that they overflowed when summed.

Soft forking reversed the attack. After some time, all nodes accepted the honest blockchain as the authoritative source of Bitcoin history.

Bitcoins created by the malicious transaction in 2010 no longer exist for people using the longest chain.

Read more at:

Your Bitcoins Are Safe

Unlike Mainnet, Testnet does not use or store real value, it’s basically a monopoly money used just for testing. It is not possible to send Livenet Bitcoins to a Testnet address and vice versa. So, your Bitcoins are not connected to the Testnet!

As one Redditer noted, it is good to have a Testnet: “It provides valuable info on how the (Livenet) nodes would behave if the bug is exploited and what the recovery looks like.”

Community will watch if the attacker will manage to spend the output. Honest miners have alerted majority of miners about the attack, so it is expected that they will orphan this transaction.

Post Views: 1976
  1. Larsen 1 year ago

    Transaction has been removed from the Testnet now. It’s a good example of what would’ve happened in a Mainnet attack. The end result would be – everything going back to normal. However, people/exchanges accepting these fake coins which would later be invalidated, would suffer loses. But the inflation wouldn’t last. That’s for sure.

    • Miner 1 year ago

      We cant be 100% sure because it depends on behavior of other miners

  2. Some really marvellous work on behalf of the owner of this web site, absolutely great written content.

  3. is full of interesting informations, bookmarked!

Leave a Comment

Your email address will not be published.

2 × 1 =