Incident Response, TDR, Vulnerability Management

Bitcoin community offers up $10K bug bounty

Technology giants – such as Google, Microsoft and Yahoo – offer up big rewards to researchers who report critical vulnerabilities. Bitcoin users are now offering up their own type of bug bounty.

In the wake of a number of attacks and hacks affecting the Bitcoin community, users of the digital currency have banded together to offer a crowd-funded $10,000 bounty to whoever fixes a Mac OS X Bitcoin LevelDB data corruption issue.

Warren Togami, a Linux software engineer and founder of the Fedora operating system, took to Bitcoin forum bitcointalk.org on Nov. 18 to announce that the bounty would be awarded to the person or persons who document how and provide an explanation as to why anyone can consistently reproduce the data corruption, as well as write a code fix that Bitcoin developers accept. 

LevelDB is Google's open source key-value database and is used by Bitcoin to store transaction data. The problem for some Mac OS X users is that, essentially, their transaction data is being lost.

The LevelDB data corruption issues have been affecting Mac OS X users sporadically since the introduction of LevelDB in Bitcoin 0.8.x, according to the post by Togami. He provides links where those who are affected have been discussing their issues.

“Bitcoin master now contains two Mac-specific fsync patches and an upgrade to LevelDB 1.13,” Togami wrote. “Bitcoin 0.8.5 OMG3 and Litecoin 0.8.5.2-rc5 contains these same patches. It is possible that a different Mac corruption issue was solved by these earlier patches, but users of these branches have reported continued corruption. Curiously, corruption seems to happen after a clean shutdown and restart of the client.”

Although still in the dark about many issues, Togami seemed to pick up on one trend. “All corruption reports seem to be from MacOS X 10.8.x and 10.9 users,” the engineer wrote. “It is unclear if earlier versions of MacOS X are affected. It is unknown if particular hardware or software configurations are involved.”

Currently the bounty stands at 10 Bitcoins and 200.2 Litecoins, which is worth around $10,000 going by current exchange rates. Gavin Andresen, chief scientist at the Bitcoin Foundation, contributed five Bitcoins, BitcoinTalk donated four Bitcoins, Litecoin development team put forward 200 Litecoins and public donations have added up to one Bitcoin.

November has not been the best month for Bitcoin service providers and users. Earlier this month Bitcoin eWallet Inputs.io was the victim of a hack that relieved the service of 4,100 Bitcoins, which translated at the time to about $1.1 million. About two weeks later, attackers stole 1,295 Bitcoins from Denmark-based Bitcoin exchange BIPS, which currently translates to more than $1.1 million.

Togami did not respond to a request from SCMagazine.com for comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.