Cryptocurrencies are decentralized and lack a central bank that manages them, which poses a challenge when security vulnerabilities are discovered in their systems.
It is often unclear who is responsible for the systems, whether a vulnerability affects a particular system, or if a bug has been patched. Researchers, led by Professor Ghassan Karame, a member of the Cluster of Excellence CASA—Cybersecurity in the Age of Large-Scale Adversaries at Ruhr University Bochum, Germany, have investigated how long it takes to patch proven security vulnerabilities in various cryptocurrencies.
The researchers examined how different cryptocurrencies responded to 44 severe network security vulnerabilities, including one exposed by Karame and his collaborators in 2015.
The researchers developed a tool to determine the approximate time taken by various cryptocurrencies to address the vulnerability, which showed that while Bitcoin fixed the vulnerability in seven days, Litecoin took 114 days, Dogecoin took 185 days, and Digibyte almost three years.
The analyses consistently showed that the majority of altcoins took hundreds or thousands of days to address security flaws.