This is a case study of ethical security disclosure practices in cryptocurrency. We analyze how security experts reacted when disclosing a serious vulnerability in miner hardware to the public, and identify problems with the reactions of several particular experts that we believe violate ethical disclosure norms. It is my hope that by discussing what went wrong in the past, the Bitcoin community can grow into a more secure and robust space that respects appropriate professional ethics in interactions with the public.
The incident occurred on 26 April 2017, when Antbleed, a vulnerability in Bitcoin miner hardware, was discovered. Soon after the discovery, some security professionals opportunistically used the vulnerability to advance false and damaging statements to the general public about the nature of the attack, and these statements were disseminated widely, beyond their control. We describe the facts and consequences of the incident below.