Whalesbook
Okay, toh Litecoin network mein ek shaitaan ne entry maari aur 13 blocks ka pura reorganization kar diya. Matlab, 32 minutes tak jo bhi transactions hui thi, sab gayab! Yeh sab MWEB protocol ke ek exploit se hua, jisse mining pools par spam attack bhi hua. Ab Litecoin Foundation bol raha hai ki yeh koi 'zero-day' vulnerability nahi thi, matlab yeh koi naya flaw nahi tha jiske baare mein unhe pata nahi tha.
Par yahaan ek bada bawaal hai! Security researchers ne GitHub ke logs check kiye aur unhe kuch aur hi dikha. Unka kehna hai ki ek critical consensus vulnerability, jo invalid MWEB transactions allow karti thi, woh actually attack hone se weeks pehle hi private mein patch ho chuki thi, March 19 aur March 26 ke beech mein. Yeh asli zero-day claim ko challenge karta hai.
Aur baat yahan nahi rukti. Ek alag DoS (Denial-of-Service) flaw bhi tha, jise attack shuru hone wale din, April 25 ko fix kiya gaya. Dono fixes Litecoin Core version v0.21.5.4 mein the, jo usi dopahar release hua tha. Toh asli jhagda yeh hai ki consensus bug toh weeks pehle private mein fix ho gaya tha, par use publicly disclose nahi kiya gaya tha ya miners ko use adopt karne ke liye force nahi kiya gaya.
Ek attacker ne 38 ghante pehle hi apna wallet fund kar liya tha aur Litecoin ko Ether mein swap karne ki planning mein tha. Alex Shevchenko jaise experts ka idea hai ki attacker ne DoS flaw ka use karke un nodes ko disable kiya jinhone patch adopt kar liya tha. Isse unpatched nodes invalid transactions process karte rahe, jisne reorganization ko possible banaya. Network phir bhi khud hi theek ho gaya jab itna updated mining power aa gaya ki attack ko overcome kar sake.
Par yeh Proof-of-Work networks ke liye ek bada challenge hai. Litecoin jaise purane networks mein miners ko khud hi patches adopt karne padte hain. Abhi tak Litecoin Foundation ne GitHub timeline par koi detail comment nahi diya hai. Aur kitna Litecoin affected hua aur koi illegal transaction hui hai ya nahi, yeh sab abhi pata nahi chala hai.