| submitted by /u/canada2121
0.16.3 was announced a few days ago, but if you're running a node and haven't already updated, then you really must do so as soon as possible. The bug fixed in 0.16.3 is more severe than was previously made public. You can download 0.16.3 from bitcoin.org or bitcoincore.org or via BitTorrent, and as always, make sure that you verify the download.
If you only occasionally run Bitcoin Core, then it's not necessary to run out and upgrade it right this second. However, you should upgrade it before you next run it.
Stored funds are not at risk, and never were at risk. Even if the bug had been exploited to its full extent, the theoretical damage to stored funds would have been rolled back, exactly as it was in the value overflow incident. However, there is currently a small risk of a chainsplit. In a chainsplit, transactions could be reversed long after they are fully confirmed. Therefore, for the next week or so you should consider there to be a small possibility of any transaction with less than 200 confirmations being reversed.
Summary of action items:
- You should not run any version of Bitcoin Core other than 0.16.3. Older versions should not exist on the network. If you know anyone who is running an older version, tell them to upgrade it ASAP.
- That said, it's not necessary to immediately upgrade older versions if they are currently shut down. Cold-storage wallets are safe.
- For the next ~week, consider transactions with fewer than 200 confirmations to have a low probability of being reversed (whereas usually there would be essentially zero probability of them being reversed).
- Watch for further news. If a chainsplit happens, action may be required.
I have a policy of using <company>@<my domain> whenever I sign up for an online account, since <any address>@<my domain> comes to my email account. This lets me track who is selling my contact information because if I receive an email from <company A> which has <company B>@<my domain> as the email target, I know that <company B> has sold/informed <company A> about me.
This morning, I received an email from liteBit.eu. It was spam, of course, the 'your invoice' link was a link to some vet site, nothing to do with crypto at all. The interesting thing is:
That it was sent to bitmain@<my domain>, thus telling me who sold the address
Also, it had the first line of the delivery address that I sent my miners to.
I co-locate my miners, and no other company has ever been given the co-location address. This puts the ball firmly in Bitmain's park.
They are selling our contact details to spammers.