Bitcoin Forum
Author Topic: A security 'what-if' scenario  (Read 1489 times)
niniyo (OP)
August 08, 2013, 08:14:28 AM
 #1

Hi,

I was pondering some worst-case hacks for bitcoin and what effect they might have on the whole system.  I thought I might ask here, in case these ideas might somehow better prepare for such an eventuality.

I think a worst-case hack would be if it were found to be possible to spend transactions for which you don't have the private key.  As in, steal anyone's money.  I'm thinking that breaking the hash functions / digital signature functions all at once is very unlikely.  However, I understand that to spend a transaction, what you really need is for the script to evaluate to true.  So, let's say there was some vulnerability in the scripting language so that it were somehow possible to craft a transaction whereby the scripts on the inputs evaluate to true and become spendable.  I think this would be a much more likely scenario and something that hopefully the developers are very paranoid about.

If this exploit was noticed immediately, it would be fairly easy to patch the client to fix this issue, and to circulate a new version.  Blocks containing the hacked transactions would be marked as invalid, and the blockchain would fork back to a secure chain (but if the response was quick enough, the fork shouldn't be disruptive enough to kill bitcoin as a whole).

But, in an alternative scenario, if these hacked transactions were not noticed immediately, and were buried thousands of blocks deep before being discovered, what would be the course of action?  If the blockchain were hard forked to a 2 week old version, this would cause chaos and would destroy all commerce done over those 2 weeks.  So, another approach might be to accept that some money was stolen, and patch the client to treat the blocks as valid but only for those older blocks, and for newer blocks with hacked transactions, treat them as invalid.  In that case, people would just have to accept that their money was stolen.

Under this doomsday scenario, it would be critical to get a patch out as soon as possible, especially if the exploit is in the wild.  But it may take some development time to implement the logic where hacked transactions are valid prior to a certain block number.  I'm just wondering if there has been any thought to this scenario and if there are any plans on how to deal with this kind of thing if it ever happened?

Feel free to shoot me down if my thinking is bad here. I don't work with the source code so I'm not an expert.  I thought I should post anyway if there's even a slim chance that this discussion might somehow build preparation for a disaster scenario.

Thanks
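
The trade-off described in this post, as an added example that is not part of the original post and is not Bitcoin client code: a toy validator in which the patched rule applies only from a hypothetical `fix_height`, showing how many blocks each policy discards. The `Tx`/`Block` types, the chain and all heights are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Tx:
    txid: str
    ok_legacy: bool  # spend script passes the old, flawed interpreter
    ok_strict: bool  # spend script passes the patched interpreter

@dataclass(frozen=True)
class Block:
    height: int
    txs: Tuple[Tx, ...]

def block_valid(block: Block, fix_height: int) -> bool:
    """Below fix_height a block is judged by the rules it was mined under;
    at or above fix_height every spend must pass the patched rules."""
    strict = block.height >= fix_height
    return all(tx.ok_strict if strict else tx.ok_legacy for tx in block.txs)

def accepted_tip(chain: List[Block], fix_height: int) -> int:
    """Height of the last block this rule set accepts (-1 if none).
    A block built on a rejected parent is rejected too, so stop at the first failure."""
    tip = -1
    for block in chain:
        if not block_valid(block, fix_height):
            break
        tip = block.height
    return tip

def blocks_discarded(chain: List[Block], fix_height: int) -> int:
    return chain[-1].height - accepted_tip(chain, fix_height)

def build_chain() -> List[Block]:
    """Constructed sample: 3000 blocks, a theft buried at height 1000 and
    a second attempt at height 2990, after the patch height used below."""
    chain = []
    for h in range(3000):
        txs = [Tx(f"pay-{h}", True, True)]
        if h in (1000, 2990):
            txs.append(Tx(f"steal-{h}", True, False))
        chain.append(Block(h, tuple(txs)))
    return chain

if __name__ == "__main__":
    for label, fix in (("strict from genesis", 0), ("grandfathered", 2985)):
        print(label, blocks_discarded(build_chain(), fix))
```

With `fix_height=0` the node rejects everything from the buried theft onward (2000 blocks); with `fix_height=2985` the old theft stands and only the 10 blocks from the later attempt onward are dropped.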
niniyo (OP)
August 08, 2013, 08:19:32 AM
 #2

Oops, this might actually belong on the Development board.  Is anyone able to move it?
superduh
August 08, 2013, 08:30:53 AM
 #3

having a virus hijack browser and replace legit btc addresses with those of the virus on all pages on the internet (btc address hijack) - I'm sure some asshole is working on it now

ok
gadman2
August 08, 2013, 01:56:26 PM
 #4

Don't hold this to me but I thought I heard something about someone being able to roll back the blocks after a fix in a meltdown situation

01BTC10
August 08, 2013, 01:59:17 PM
 #5

> having a virus hijack browser and replace legit btc addresses with those of the virus on all pages on the internet (btc address hijack) - I'm sure some asshole is working on it now

Already seen over a year ago.
Dabs
August 09, 2013, 01:27:21 AM
 #6

That one actually just replaced bitcoin addresses in the clipboard with its own. It didn't have to hijack any browser. Anyone can program that, even I can. But to get a victim to install it, is something else.

Magazine
August 09, 2013, 01:33:14 AM
 #7

This might be a bit off-topic but I remember years ago when Internet Banking was just starting to get easy to use and able to send transactions instantly I caught a virus that changed the Account Number of the account I was sending funds to, to a different one without me even noticing it. So you were actually sending funds to a hacker without knowing it. Of course I managed to dispute it and get my money back and shelled out on some good protection after but I was wondering if this would be possible with Bitcoin.

Say you send someone a transaction, you type an address but the hacker's virus installed on your system directs the transaction to their address but it doesn't show the hacker's address until the person clicks send and of course they see it's a different address in the history.

01BTC10
August 09, 2013, 01:51:42 AM
 #8

> This might be a bit off-topic but I remember years ago when Internet Banking was just starting to get easy to use and able to send transactions instantly I caught a virus that changed the Account Number of the account I was sending funds to, to a different one without me even noticing it. So you were actually sending funds to a hacker without knowing it. Of course I managed to dispute it and get my money back and shelled out on some good protection after but I was wondering if this would be possible with Bitcoin.
>
> Say you send someone a transaction, you type an address but the hacker's virus installed on your system directs the transaction to their address but it doesn't show the hacker's address until the person clicks send and of course they see it's a different address in the history.

http://en.wikipedia.org/wiki/Man-in-the-browser
Magazine
August 09, 2013, 01:56:36 AM
 #9

> > This might be a bit off-topic but I remember years ago when Internet Banking was just starting to get easy to use and able to send transactions instantly I caught a virus that changed the Account Number of the account I was sending funds to, to a different one without me even noticing it. So you were actually sending funds to a hacker without knowing it. Of course I managed to dispute it and get my money back and shelled out on some good protection after but I was wondering if this would be possible with Bitcoin.
> >
> > Say you send someone a transaction, you type an address but the hacker's virus installed on your system directs the transaction to their address but it doesn't show the hacker's address until the person clicks send and of course they see it's a different address in the history.
>
> http://en.wikipedia.org/wiki/Man-in-the-browser

That's the one, I forgot what the name was I kept thinking of "Man In The Mirror" for some strange reason. Yea, I was pretty annoyed I lost the amount I did at first. The bank did seem to sort it out for me quickly luckily. I have been worried to use online banking since haha.
niniyo (OP)
August 09, 2013, 03:42:49 AM
 #10

As bad as the "man in the browser" attack would be, it wouldn't reflect a vulnerability in bitcoin itself, and wouldn't require any patching or hard forking of bitcoin to deal with.

To phrase my initial question concisely: what would happen if a vulnerability was discovered several weeks after it had been used discreetly in the wild to steal a large amount of funds, and the fraudulent transactions were buried thousands of blocks deep.  Would we accept the stolen money and treat the fraudulent blocks as valid, or hard-fork back to an earlier blockchain which would cause commercial chaos for all people doing business with bitcoin?
adamstgBit
August 09, 2013, 04:02:48 AM
 #11

> As bad as the "man in the browser" attack would be, it wouldn't reflect a vulnerability in bitcoin itself, and wouldn't require any patching or hard forking of bitcoin to deal with.
>
> To phrase my initial question concisely: what would happen if a vulnerability was discovered several weeks after it had been used discreetly in the wild to steal a large amount of funds, and the fraudulent transactions were buried thousands of blocks deep.  Would we accept the stolen money and treat the fraudulent blocks as valid, or hard-fork back to an earlier blockchain which would cause commercial chaos for all people doing business with bitcoin?

we would accept the stolen money and treat the fraudulent blocks as valid.
I think most would agree.



Price would likely drop significantly, and then bounce back! as everyone realizes the issue was fixed, and they are just THAT much more lucky to still have BTC

Dabs
August 26, 2013, 03:31:07 AM
 #12

You can only track the "stolen" bitcoins so far before they split up into a thousand pieces and go through online exchanges, online wallets, and online casinos.

Fraudulent transactions maybe, but there is no such thing as a fraudulent block. It got mined, so it has to be valid.
