Bitcoin's software gets security fixes, new features

Bitcoin-QT, rebranded as Bitcoin Core, has more than six fixes for the so-called transaction malleability problem

An upgrade to Bitcoin's software adds new features and several security fixes.

An upgrade to Bitcoin's software adds new features and several security fixes.

The software driving Bitcoin's network was upgraded Wednesday, with security fixes addressing a problem that defunct bitcoin exchange Mt. Gox blamed for losing nearly half a billion dollars worth of bitcoins.

The open-source software, known as Bitcoin-QT, has also been rebranded as "Bitcoin Core" to highlight that it runs the core infrastructure of the virtual currency's transaction and verification network.

Upgrading Bitcoin's software is a delicate operation, and many of the changes have been under discussion for months. The market capitalization of all bitcoins in circulation is roughly US$8 billion, according to figures from, and a mistake could be costly.

But the virtual currency has weathered innumerable negative events over the past five years and is still seeing growing adoption by businesses and retailers as an alternative payment platform.

The value of a bitcoin wobbled only slightly after Mt. Gox, at one time the largest bitcoin exchange, filed for bankruptcy protection in Tokyo District Court on Feb. 28 and in U.S. Bankruptcy Court for the Northern District of Texas on March 9.

In early February, Mt. Gox said it was investigating a long-known security problem called "transaction malleability," which in some cases can allow attackers to make it falsely appear they haven't received a bitcoin payment if an exchange isn't properly validating transactions.

Other exchanges briefly halted trading while inspecting their code, but bitcoin experts said highly customized software written by Mt. Gox likely exacerbated the problem.

After filing for bankruptcy, Mt.Gox said the bug was possibly responsible for the missing bitcoins, valued at US$474 million at the time. It has not yet provided a clearer explanation for the losses.

The latest version of bitcoin's software, 0.9.0, contains more than a half dozen fixes for transaction malleability, according to the release notes for the software.

Bitcoin Core also contains a new feature for payment requests. Previously, merchants couldn't attach a note describing an invoice, and people also could not supply a refund address to a merchant.

The latest version automatically supplies a refund address. The payment requests can also be cryptographically signed to ensure the bitcoins are going to the intended recipient, wrote Wladimir van der Laan of the Bitcoin Core Development Team.

The improvements help make bitcoin more usable for commerce. Lann wrote that future Bitcoin Core releases will aim to fine tune the software, improving its functionality and the users' experiences.

Developers creating bitcoin-compatible software are advised to incorporate the software changes into their own "wallets," which are software programs for holding and transferring bitcoins, and other payments applications.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesno companye-commercesecurityinternet

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts