Bitcoin Core quietly patched high-severity memory bug months before public disclosure, but many nodes may still run affected software

Bitcoin Core quietly patched its first-ever memory safety bug months before publicly disclosing the vulnerability on Tuesday, while a large share of nodes may still be running affected software.

The high-severity flaw could have allowed miners to remotely crash, and potentially execute code on, other users’ nodes using specially crafted invalid blocks.

The vulnerability, labeled CVE-2024-52911, affected all Bitcoin Core versions from 0.14.0 through 28.x, according to the notice. A miner willing to spend real proof-of-work resources on specially crafted invalid blocks could have exploited it to crash victim nodes.

Furthermore, because the flaw is a use-after-free memory error, remote code execution was possible during the resulting abnormal memory state, though Bitcoin Core said block data constraints made that outcome unlikely.

However, the attack vector also carried a built-in deterrent.

Any miner attempting it would have needed to burn real hashpower on invalid blocks with no reward to recover, a guaranteed loss that likely kept the bug dormant in the wild.

The fix

Cory Fields of MIT’s Digital Currency Initiative discovered the vulnerability and privately reported it on November 2, 2024.

Four days later, Bitcoin Core developer Pieter Wuille released a covert fix, deliberately titled “Improve parallel script validation error debug logging” to avoid alerting potential attackers.

The covert fix was merged in December 2024 and later shipped in Bitcoin Core version 29.0 in April 2025. The last vulnerable release line, version 28.x, reached end-of-life on April 19, 2026 — clearing the path for Tuesday’s public disclosure.

Bitcoin Core developer Niklas Gögge wrote on X that it represents “the first ever memory safety issue” across roughly two years of the project’s public security advisories, crediting Fields for responsible disclosure.

Bitcoin’s consensus rules were not affected, since the bug was confined to node software memory handling and introduced no changes to onchain behavior.

Nevertheless, the disclosure arrived with an uncomfortable caveat.

According to one widely cited estimate based on Clark Moody’s dashboard, approximately 43% of Bitcoin (BTC) nodes may still be running pre-v29 software and remain exposed to the risk.
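
A version check for the affected range the article gives (0.14.0 through 28.x, fixed in 29.0), as an added example that is not from the article or from Bitcoin Core. It assumes JSON in the shape returned by `bitcoin-cli getnetworkinfo` and `bitcoin-cli getpeerinfo`, treats a `/Satoshi:x.y.z/` user-agent token as the Bitcoin Core version, and runs on constructed sample data.

```python
import json
import re
from collections import Counter

# Range taken from the article: 0.14.0 through 28.x affected, 29.0 carries the fix.
FIRST_AFFECTED = (0, 14, 0)
FIRST_FIXED = (29, 0, 0)
_UA = re.compile(r"/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?")

def parse_core_version(subversion):
    """'/Satoshi:28.1.0/' -> (28, 1, 0); None if no Bitcoin Core token is present."""
    m = _UA.search(subversion or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(subversion):
    """Tuple comparison covers both the old 0.x numbering and the 22.0+ numbering."""
    v = parse_core_version(subversion)
    if v is None:
        return "unknown"
    if v < FIRST_AFFECTED:
        return "older-than-range"
    return "affected" if v < FIRST_FIXED else "fixed"

def audit(networkinfo_json, peerinfo_json):
    """Classify the local node and tally peers by status.

    The local 'subversion' comes from the node itself; peer 'subver' values are
    self-reported by the remote side, so the peer tally is an estimate only.
    """
    local = classify(json.loads(networkinfo_json).get("subversion"))
    peers = Counter(classify(p.get("subver")) for p in json.loads(peerinfo_json))
    return local, dict(peers)

# Constructed sample data (not captured from a real node).
SAMPLE_NETWORKINFO = '{"subversion": "/Satoshi:28.1.0/"}'
SAMPLE_PEERINFO = json.dumps([
    {"addr": "192.0.2.10:8333", "subver": "/Satoshi:29.0.0/"},
    {"addr": "192.0.2.11:8333", "subver": "/Satoshi:0.21.2/"},
    {"addr": "192.0.2.12:8333", "subver": "/Satoshi:27.0.0/"},
    {"addr": "192.0.2.13:8333", "subver": "/Satoshi:0.13.2/"},
    {"addr": "192.0.2.14:8333", "subver": "/btcwire:0.5.0/btcd:0.24.0/"},
    {"addr": "192.0.2.15:8333", "subver": ""},
])

if __name__ == "__main__":
    local_status, peer_tally = audit(SAMPLE_NETWORKINFO, SAMPLE_PEERINFO)
    print("local node:", local_status)
    print("peers:", peer_tally)
```
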

Quantum risks

The vulnerability disclosure also adds to a period of acute focus on Bitcoin’s infrastructure security.

In April, researchers proposed BIP-361 to phase out legacy signature types as a hedge against quantum computing threats, as The Block previously reported.

A separate Paradigm Research proposal has since offered an alternative mechanism to protect dormant Satoshi-era coins without forcing address migration.

© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

 
