
Bitcoin DoS Attack: Crash Competing Miners for Just 0.14 BTC


This week, Bitcoin Core developers disclosed a high-severity Denial-of-Service (DoS) vulnerability that could allow attackers to crash Bitcoin nodes running versions before v24.0.1. This vulnerability affects approximately 17% of the Bitcoin network.

What is the impact of the Bitcoin header spam vulnerability?

Before Bitcoin Core version 24.0.1, attackers could spam nodes with low-difficulty header chains, causing the nodes to download and store extremely long chains of headers in memory. Depending on the node’s memory resources, this attack can lead to a crash.

How can attackers leverage a Bitcoin node DoS for profit?

This attack requires access to Bitcoin PoW hashing power; the most likely scenario for a profitable attack is malicious miners attacking other miners. Bitcoin security researchers have studied Denial-of-Service attacks for over a decade, particularly those targeting competing miners. Game theory models, such as those explored in the Game-Theoretic Analysis of DDoS Attacks Against Bitcoin Mining Pools paper, have analyzed the incentives and potential strategies behind these attacks. Attackers can leverage a DoS attack for profit in several ways, for example:

  • Disrupting Mining Pools: By crashing the nodes of competing mining pools, attackers can increase their own chances of mining new blocks and collecting rewards, and can attract hashing power from the attacked pool to their own.
  • Decreasing Network Difficulty: Sustained DoS attacks can lower the total network hash rate, decreasing mining difficulty. Attackers can then mine blocks more easily and profit before the difficulty readjusts.
  • Double-Spending Attacks: Attackers can exploit the reduced network PoW security to reverse transactions after receiving goods, services, or other crypto assets from bridges or exchanges.

What is the cost of the Bitcoin DoS attack?

The declining cost of making a chain of low-difficulty headers made the attack increasingly feasible, prompting developers to prioritize a permanent security fix. Attackers can build the chain of headers once and reuse it to crash any node on the network.

  • October 2019: The cost to perform this attack was approximately 4.12 BTC.
  • February 2022: The cost dropped to about 1.07 BTC.
  • September 2024: The cost further decreased to just 0.14 BTC (0.0444 × 3.125 BTC).

How was the Bitcoin header spam vulnerability fixed?

Bitcoin Core developers implemented a protection against this DoS attack in Bitcoin Core PR #25717, co-authored by Suhas Daftuar and Pieter Wuille. The solution involves:

  • Work Verification Before Memory Storage: Nodes now verify that a presented chain has sufficient cumulative work before committing it to memory.
  • Commitment Scheme: The implementation includes a commitment mechanism to ensure that the headers received during the verification phase match those stored later.
  • Elimination of Checkpoints: With this new mechanism, Bitcoin Core no longer relies on checkpoints to protect against known attacks, enhancing the overall security model.
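
A toy model of the two-phase sync described in the list above, added here as an illustration and not taken from Bitcoin Core or PR #25717. The header layout, the salted 1-bit commitments, `period`, and the names `HeaderSync`, `presync`, `redownload` and `mine` are assumptions of this sketch, and difficulty-adjustment rules are omitted.

```python
import hashlib, os

def hdr_hash(prev: bytes, target: int, nonce: int) -> bytes:
    data = prev + target.to_bytes(32, "big") + nonce.to_bytes(8, "big")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def mine(prev: bytes, target: int, n: int) -> list:
    """Constructed toy chain: n headers (prev, target, nonce), each meeting its target."""
    chain = []
    for _ in range(n):
        nonce = next(i for i in range(1 << 32)
                     if int.from_bytes(hdr_hash(prev, target, i), "big") <= target)
        chain.append((prev, target, nonce))
        prev = hdr_hash(prev, target, nonce)
    return chain

class HeaderSync:
    def __init__(self, genesis: bytes, min_work: int, period: int = 4):
        self.genesis, self.min_work, self.period = genesis, min_work, period
        self.salt, self.commitments, self.stored, self.ready = os.urandom(16), {}, [], False
    def _walk(self, headers):  # yields (height, hash, cumulative work)
        prev, work = self.genesis, 0
        for height, (p, target, nonce) in enumerate(headers, 1):
            h = hdr_hash(p, target, nonce)
            if p != prev or int.from_bytes(h, "big") > target:
                raise ValueError(f"bad linkage or PoW at height {height}")
            prev, work = h, work + (1 << 256) // (target + 1)  # add this header's work
            yield height, h, work
    def _bit(self, h: bytes) -> int:  # 1-bit commitment, salted with a per-peer secret
        return hashlib.sha256(self.salt + h).digest()[0] & 1

    def presync(self, headers) -> bool:
        """Phase 1: check PoW, sum work, keep one bit per `period` headers, store nothing."""
        self.commitments, work = {}, 0
        for height, h, work in self._walk(headers):
            if height % self.period == 0:
                self.commitments[height] = self._bit(h)
        self.ready = work >= self.min_work
        return self.ready

    def redownload(self, headers) -> None:
        """Phase 2: store headers only if the work bar was met and commitments match."""
        work = 0
        for height, h, work in self._walk(headers):
            if height % self.period == 0 and self.commitments.get(height) != self._bit(h):
                raise ValueError(f"commitment mismatch at height {height}")
        if not self.ready or work < self.min_work:
            raise ValueError("chain has not proven enough work")
        self.stored = list(headers)  # only now do full headers occupy memory
```

In this model a long chain mined at a trivial target never reaches `stored`, and a peer that proves work with one chain and then serves a different one in the second phase is rejected at the first mismatching commitment.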

The identification and resolution of this security vulnerability demonstrate the collaborative nature of the Bitcoin development process. David Jaenson and Braydon Fuller discovered the attack vector, while Suhas Daftuar and Pieter Wuille contributed to implementing the solution. Pieter also developed a simulation script to help decide the parameters for the new synchronization mechanism.

Recommendations For Node Operators

If you are running a Bitcoin Core version earlier than v24.0.1:

Conclusion

As the Bitcoin ecosystem evolves and new innovative projects emerge—such as decentralized finance applications (Bitcoin DeFi), staking solutions, and Layer 2 (Bitcoin L2) protocols—the fundamental security of Bitcoin’s base layer must evolve to resist new threats. These innovations build upon Bitcoin’s Layer 1 core infrastructure and aim to enhance its functionality and broader adoption. Consequently, Bitcoin ecosystem developers, researchers, and stakeholders must prioritize the security of the underlying network and actively contribute to its development.

Developers working on Bitcoin-related projects should consider engaging blockchain security professionals with extensive experience in the Bitcoin ecosystem to conduct thorough source code reviews, double-check assumptions, and identify potential new incentives for attacking the Bitcoin network that these innovations create. By prioritizing security at every stage of development, the Bitcoin ecosystem can continue to innovate while maintaining its fundamental integrity and reliability.