Bitcoin vulnerability disclosure CVE-2018-17145 published: https://t.co/5h1Pw1aXK7
Big ups to Braydon Fuller and entire @bcoin team for discovering the bug and disclosing responsibly.
Bcoin, bitcoin core and btcd were all vulnerable. #bitcoin
2017 were spam attacks. There was a group of people who stood to profit humongously from bitcoin struggling too much, possibly to the point of breaking, and pushing a big blocks fork as the "real bitcoin". One way to achieve that was to fill the mempool with transactions in an attempt to slow down legit ones. It was a sustained attack for quite some time, and around mid-November 2017 it was further helped with bitcoin dumping and a hash power attack.
As they say, the rest is history. I'm personally VERY happy the attackers got savagely rekt, one by one, at tremendous financial cost. They had no reputation to begin with, and never cared about anything but profits. So huge losses were the perfect way to hurt them.
I'll just add that in the meantime this group, which had a significant mining % of the network, was mining empty blocks in addition, which reinforced the spam effect since many blocks weren't clearing the mempool.
Also, it was about pushing for big blocks, but also about avoiding segwit at all costs, which would see them lose their Antbleed mining advantage IIRC.
Summary: an attacker sends an INV message to a victim node with 49,999 hashes of transactions that don't exist. The victim node stores all those hashes in memory and waits for the TXs to arrive (they never do). The process can be repeated quickly until the victim node is out of memory.
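The memory growth in the summary above, modelled next to a bounded alternative. This is an added example, not part of the thread and not code from bcoin, Bitcoin Core or btcd; the class names, the per-peer cap and the expiry timeout are assumptions chosen for illustration, and the announcement batches are constructed in-process.

```python
import hashlib
from collections import OrderedDict

INV_BATCH = 49_999    # hashes per INV message, the figure quoted in the summary
MAX_PER_PEER = 5_000  # assumed cap on unanswered announcements per peer
TTL_SECONDS = 120     # assumed wait before an announcement is forgotten

class NaiveTracker:
    """Behaviour described in the summary: every announced hash is kept."""
    def __init__(self):
        self.pending = {}

    def on_inv(self, peer, hashes, now):
        for h in hashes:
            self.pending[h] = (peer, now)
        return len(self.pending)      # grows with every batch

class BoundedTracker:
    """Per-peer cap plus expiry, so unanswered announcements cannot pile up."""
    def __init__(self, cap=MAX_PER_PEER, ttl=TTL_SECONDS):
        self.cap, self.ttl = cap, ttl
        self.pending = {}             # peer -> OrderedDict(hash -> announce time)

    def on_inv(self, peer, hashes, now):
        q = self.pending.setdefault(peer, OrderedDict())
        # Forget announcements whose transaction never arrived within the TTL.
        while q and next(iter(q.values())) + self.ttl <= now:
            q.popitem(last=False)
        dropped = 0
        for h in hashes:
            if h in q:
                continue
            if len(q) >= self.cap:
                dropped += 1          # over budget: not stored at all
            else:
                q[h] = now
        return len(q), dropped

    def on_tx(self, peer, h):
        # The announced transaction arrived, so its slot is released.
        return self.pending.get(peer, {}).pop(h, None) is not None

def simulate(tracker, rounds):
    """Feed `rounds` constructed INV batches of hashes with no transaction behind them."""
    result = None
    for i in range(rounds):
        batch = [hashlib.sha256(f"{i}:{j}".encode()).digest() for j in range(INV_BATCH)]
        result = tracker.on_inv("peer-A", batch, float(i))
    return result
```

The dropped count returned by `BoundedTracker.on_inv` is also a usable detection signal: a peer that repeatedly overflows its budget without ever delivering a transaction is a candidate for disconnection.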