Quick update:
A couple of days ago there was a conversation between the poster of the Reddit post explaining this vulnerability and the developer of the Large Bitcoin Collider. The developer explains it like this:
The client checks its own source code and will behave with various intensity of response to code tampering
Up to the point where the client deletes itself from your disk if you're driving your tampering ambitions too far.
So, apparently he explains the remote code execution string as a way for the server to prevent tampering.
And here is the problematic string:
    if (defined $answer->{eval}) {
        eval $answer->{eval};
    }
Yeah, you probably guessed it, this not only allows the program to delete itself, but also to execute any other arbitrary code on your system.
For the full conversation, see this message and the responses that follow it.
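For contrast with the string above, here is an added example (not code from the Large Bitcoin Collider or from the original post) of a client that lets the server select only from handlers the client itself defines, and refuses any response carrying code. The `action` field, the handler names and the sample responses are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Actions the client is willing to perform when the server asks.
# Hypothetical names; the client author decides what belongs here.
my %ALLOWED_ACTIONS = (
    report_version => sub { return "client version 1.0 (constructed)" },
    stop_work      => sub { return "work loop stopped" },
);

# Choose a client-defined handler by name instead of evaluating
# a string supplied by the server.
sub handle_answer {
    my ($answer) = @_;

    # The pattern quoted in the post would run this string as Perl.
    # Here it is only measured and reported, never executed.
    if (defined $answer->{eval}) {
        return "rejected: server sent code ("
             . length($answer->{eval}) . " bytes)";
    }

    my $action = $answer->{action};
    return "no action requested" unless defined $action;
    return "rejected: action is not a plain string" if ref $action;

    my $handler = $ALLOWED_ACTIONS{$action};
    return "rejected: unknown action '$action'" unless $handler;
    return $handler->();
}

# Constructed server responses, already decoded into hashes.
my @responses = (
    { action => 'report_version' },
    { action => 'format_disk' },
    { eval   => 'print "any Perl the server chooses\n"' },
    {},
);

print handle_answer($_), "\n" for @responses;
```

With this shape, the most the server can do is trigger behaviour the user can read in the client source ahead of time, which is the property the `eval` of a server response removes.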