Zero day Bitcoin vulnerability in deferred transactions allows stealing bitcoins

The security of cryptocurrency transactions is being tested. According to a new report, a widespread failure has compromised a special type of Bitcoin transaction, known as a deferred transaction or “timelocked”, which was implemented in order to discourage fraudulent conduct in the community.

The report, revealed by a user known as “0xb10c”, reveals that more than one million of these transactions were not conducted properly, increasing the risk of attack and theft of cryptocurrency miners. Apparently, the flaw affects at least 10% of timelocked transactions (or 2% of Bitcoin transactions in general).

A timelocked transaction prevents the Bitcoin recipient from immediately accessing the received virtual assets. These transactions force users to wait until the network has added a certain number of blocks to confirm the operation. The inclusion of each new block takes about 10, so a transaction can be scheduled to expire at a certain time.

The software engineer found that some faulty transactions established for a specific block carry out a potentially disruptive mining strategy, known as free-sniping. Using this method, a malicious miner could replace a block that someone else just extracted, including the same transactions and potentially other transactions that are still pending. The timelocked transaction prevents them from including the latter, which limits the loot of the attack, so it might not be worth deploying this attack.

The chances of seeing this attack in real-world scenarios increase as transaction fees become an important source of income for miners. Right now, miners depend on the rewards they receive from the Bitcoin block, although revenue streams could decrease over time.  

Cryptocurrency theft is not the only risk arising from this failure, as virtual asset enthusiasts could also be exposed to private data leaks because this is a very particular type of transaction, so it would not be difficult for threat actors to determine which users are associated with these transactions.

Although 0xb10c mentioned that developers related to most of these faulty transactions were notified and committed to implementing an update, he also emphasizes that implementing fixes could take considerable time. This is just one of many problems facing the cryptocurrency community, so there is much to do before furthering the use of these resources as a true alternative to using traditional currencies.