Software that use Bitcoin Core 0.9.4 is vulnerable to invalid blocks that were reportedly generated by some miners on 4 and 5 July causing the threat of double spends, an alert on the bitcoin.org states. No fraudulent activity has been reported.

On 4 July, a miner generated a small invalid block that was accepted by the network and new blocks were built on top of it. The first invalid block did not cause any double spending. However, the second fork occurred on 5 July at 21:30 and by 2:00 UTC on 6 July the problem had not been yet resolved. Currently, there is a risk that some of the transactions made after 00:00 UTC on 6 July will be shown as confirmed when in fact they are not.

Bitcoin.org recommends the users of Simplified Payment Verification (SPV) wallets and of the Core versions earlier than 0.9.5 to wait for additional 30 verifications. Miners are recommended to return to full block validation temporarily. Everyone is encouraged to upgrade to more recent versions of the Bitcoin Core.

SPV is used within bitcoin clients, such as smartphones, tablets, or embedded systems that do not have the ability to store the full blockchain, which now occupies over 12GB. The SPV node is a very popular type of node with bitcoin wallets. An SPV-operated device downloads a chain of blocks without the transactions included in each block and therefore cannot provide full verification of transactions in the blockchain.

The community is closely watching the situation and the possible solutions to prevent similar issues in the future. Miners themselves are keen to report these problems. One of the first individuals who posted a warning about the fork from 5 July was Wang Chun, an operator of F2Pool who mined four of the invalid blocks on top of the fork from 4 July, according to the author of the bitcoin.org warning.

 

Aliona Chapel