0xB10C on Nostr: tl;dr: ViaBTC didn't check the header merkle root in their P2P client. Sending a ...
tl;dr: ViaBTC didn't check the header merkle root in their P2P client. Sending a block message with an old header and a modified coinbase transaction caused them to SPV mine on the old header for 30s at a time. I responsibly disclosed this to ViaBTC, and they awarded 2000 USDT.