This article was published on May 6, 2019

Bitcoin has nearly 100,000 nodes, but over 50% run vulnerable code

Running Bitcoin means keeping it updated


Bitcoin has nearly 100,000 nodes, but over 50% run vulnerable code

On May 5, the Bitcoin network briefly boasted over 100,000 ‘full nodes,’ but most are still running out-of-date versions of the software.

Indeed, it is often reported that Bitcoin has somewhere around 9,000 to 10,000 full nodes validating its blockchain (Hard Fork has done this, too!).

According to prominent Bitcoin Core developer Luke Dashjr, that number is closer to 100,000 – and he says it’s because other node monitoring services typically include only one type of node (“listening nodes”).

Whether nodes are “listening” isn’t all that important

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The security of the Bitcoin network can be gauged by the number of nodes that keep a complete copy of its blockchain.

These are referred to as “fully-validating nodes,” or “full nodes” for short. Bitcoin miners broadcast messages (transactions) across the network for validation using these full nodes.

A higher number of nodes increases the overall security of Bitcoin by making double-spending more difficult for malicious miners.

Dashjr previously told Hard Fork that popular sites like Coindance only show Bitcoin’s “listening nodes,” but whether a node is “listening” is a mostly-irrelevant technical detail.

Listening nodes are essentially the same as full nodes, but publicly visible.

Courtesy of Luke Dashjr

“Economic nodes – those handling transactions – can be both listening and not,” said Dashjr. “Frankly, looking at just listening nodes isn’t a very useful metric – non-listening nodes are just as relevant.”

Dashjr said that in a sense, “listening nodes” are much like “open ports,” which ultimately makes them easier to track. He also expressed his chart updates hourly, and is based on four weeks of data to ensure it includes nodes that aren’t constantly online.

“I’m not sure why these sites continue to give meaningless information, and don’t use better algorithms to present a more accurate view of the network,” added Dashjr.

Old Bitcoin vulnerabilities are still hanging around

One concerning statistic is that over half of the Bitcoin network is running out-of-date versions of the Bitcoin Core software.

In particular, almost 58 percent of Bitcoin nodes are vulnerable to exploit CVE-2018-17144, which allows malicious miners to crash the Bitcoin network with a costly denial-of-service attack.

Bitcoin Core devs later disclosed the exploit also allows bad actors to potentially inflate Bitcoin’s supply past its 21-million limit.

At the time, the network was urged to update software as soon as possible to keep the blockchain robust, so this should be considered a reminder.

Did you know? Hard Fork has its own stage at TNW2019, our tech conference in Amsterdam. Check it out.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with