Bitcoin Q&A: CVE-2018-17144 vulnerability

What is the CVE-2018-17144 vulnerability in the Bitcoin Core client? How did such a critical bug happen? What should we do about it?

Please see the following about upgrading your node to the latest release; alternatively you can find various backported releases with the vulnerability fixed:

This question is from the September monthly Patreon session, which took place on September 29th 2018. If you want early access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron:

Advanced Bitcoin Scripting, Part 1: Transactions and Multisig
Advanced Bitcoin Scripting, Part 2: SegWit, Consensus, and Trustware
Migrating to post-quantum cryptography
What is a private key?
Public keys vs. addresses
Protocol development security
Software distribution security
Lightning’s security model
Misconceptions about the Lightning Network
Eltoo, and the early days of Lightning
Lightning Network scaling
Lightning Network interoperability
Lightning Network game theory
Atomic swaps
Full node and home network security
Running nodes and payment channels
What is Segregated Witness (SegWit)?
SegWit and fork research

Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in bitcoin.

Follow on Twitter: @aantonop

He is the author of two books: “Mastering Bitcoin,” published by O’Reilly Media and considered the best technical guide to bitcoin; “The Internet of Money,” a book about why bitcoin matters.






Translations of THE INTERNET OF MONEY:
Spanish, ‘Internet del Dinero’ (v1)
French, ‘L’internet de l’argent’ (v1)
Russian, ‘Интернет денег’ (v1)
Vietnamese, ‘Internet Của Tiền Tệ’ (v1)


Music: “Unbounded” by Orfan
Outro Graphics: Phneep
Outro Art: Rock Barcellos



About the Author: aantonop


  1. I got a question. What would happen if a government decided to throw billions of dollars to build a mining farm? How hard would it be for, say, the US to throw a trillion dollars at a mining farm to make themselves above the 50% of the network? What is in place to make sure that doesn't change bitcoin? Uncle Sam spends billions if not trillions just to spy on us; what happens if they turn that against bitcoin?

  2. BCH dev found it, even divided Bitcoin is still the most anti-fragile thing that exists. Financial tribal animosity of some prominent bitcoiners is counterproductive.

  3. Andreas is my hero but I don't think his closing remarks were right. He said this didn't kill Bitcoin; it only made it stronger. Um, yeah but that's because the bug wasn't exploited. Imagine if the programmer that discovered it quietly took it to Chase Bank CEO Jamie Dimon. Andreas could have conceded we almost saw Bitcoin go to zero.

  4. Wouldn't test driven development (TDD) with solid code coverage have exposed this bug when the associated optimization was introduced? Do C++ programmers just not have TDD in their culture?
