Bitcoin Core developers disclosed a high-severity bug that could allow miners to remotely crash some Bitcoin nodes.
Summary
The issue, tracked as CVE-2024-52911, affected Bitcoin Core versions after 0.14.0 and before 29.0. The bug was fixed in Bitcoin Core 29.0, which was released in April 2025.
Bitcoin Core made the issue public on May 5, 2026, after the final vulnerable 28.x release line reached end of life on April 19.
The issue involved Bitcoin Core’s script interpreter during block validation. Bitcoin Core said a specially crafted block could cause a node to access memory after that data had already been freed.
During validation, Bitcoin Core pre-calculates transaction input data and sends script checks to background threads. In some cases, an invalid block could destroy cached data while another thread still tried to read it.
Bitcoin Core said this could allow an attacker with enough proof-of-work to crash victim nodes. It also said “it is possible” the crash could support remote code execution, though limits on block data made that outcome “unlikely.”
The attack was not simple to carry out. A miner would need to produce a specially crafted block with enough proof-of-work to reach the chain tip.
That made the attack costly because such a block would be invalid. It could not earn a normal block reward, leaving the attacker to spend hashpower without collecting the usual mining payout.
Bitcoin Core did not say the bug had been used in real attacks. The advisory focused on the flaw, the fix, and the disclosure timeline.
The bug did not change Bitcoin’s consensus rules. It was tied to memory handling in Bitcoin Core software, not the rules that define valid Bitcoin transactions or blocks.
Cory Fields of the MIT Digital Currency Initiative privately reported the bug on Nov. 2, 2024. Bitcoin Core said the report included a proof of concept and a proposed way to reduce the risk.
Pieter Wuille pushed a covert fix four days later through PR 31112. The pull request was merged on Dec. 3, 2024, before Bitcoin Core 29.0 shipped with the fix in April 2025.
The advisory followed Bitcoin Core’s disclosure policy for high-severity bugs. Its policy says high-severity issues are disclosed after the last affected release goes end of life.
In addition, node operators using Bitcoin Core versions before 29.0 still face the old bug. Bitcoin Core does not auto-update, so users must install newer versions manually.
A past report on blockchain decentralization risks cited research that 21% of Bitcoin nodes ran outdated Bitcoin Core software in June 2021. That context shows why older client versions can remain a security concern long after fixes ship.
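For operators checking their own nodes against the range given above (after 0.14.0 and before 29.0), the following is an added example and not code from Bitcoin Core or the advisory. It assumes each node's `getnetworkinfo` reply has already been collected and that the `subversion` field has the usual `/Satoshi:X.Y.Z/` form; the host names and replies are constructed sample data.

```python
import json
import re

# Range stated in the article: versions after 0.14.0 and before 29.0.
LOWER_EXCLUSIVE = (0, 14, 0)
FIXED_IN = (29, 0, 0)

# Constructed sample: hypothetical hosts mapped to trimmed getnetworkinfo replies.
SAMPLE_FLEET = json.loads("""
{
  "node-a": {"subversion": "/Satoshi:28.1.0/"},
  "node-b": {"subversion": "/Satoshi:29.0.0/"},
  "node-c": {"subversion": "/Satoshi:0.21.1/"},
  "node-d": {"subversion": "/Satoshi:0.14.0/"},
  "node-e": {"subversion": "/ExampleClient:1.0/"},
  "node-f": {}
}
""")

_SUBVER = re.compile(r"^/Satoshi:(\d+(?:\.\d+)*)")


def parse_core_version(subversion):
    """Return the version as an int tuple padded to three parts, or None."""
    match = _SUBVER.match(subversion or "")
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def classify(reply):
    """Classify one getnetworkinfo reply against the advisory's range."""
    version = parse_core_version(reply.get("subversion"))
    if version is None:
        return "unknown"  # not a parseable Bitcoin Core user agent; check by hand
    # Tuple comparison also orders the old 0.x numbering below 22.0 and later.
    if LOWER_EXCLUSIVE < version < FIXED_IN:
        return "affected"
    return "not affected"


def audit(fleet):
    """Map each host to its status; anything not 'not affected' needs follow-up."""
    return {host: classify(reply) for host, reply in fleet.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_FLEET).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" did not return a parseable Bitcoin Core user agent and need a manual check.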