Bitcoin Core wins rare praise as independent audit finds no serious flaws




Bitcoin Core has cleared its first-ever third-party security audit, with results confirming that the software securing the world’s largest decentralized network is highly mature.

The review, conducted by French security firm Quarkslab and commissioned by OSTIF on behalf of Brink, examined the project’s most sensitive components, particularly the peer-to-peer (P2P) layer and block validation logic, over a 104-day period between May and September.

According to the report, Bitcoin Core’s codebase is “the most mature and well-tested” the auditors have evaluated, despite its size: more than 200,000 lines of C++, with over 1,200 tests already in place.

The team found no high- or medium-severity vulnerabilities, identifying only two low-severity issues and a series of improvement suggestions related mostly to fuzzing harnesses and test coverage. None of the findings had any impact on consensus, denial-of-service resilience or transaction validation.

Bitcoin Core audit identifies only two low-severity issues. Source: Quarkslab


Reviewers find no exploitable bugs

The audit placed heavy emphasis on Bitcoin’s P2P networking layer, the component responsible for relaying blocks and transactions and for peer discovery across roughly 125 connections per node. Reviewers reported no cases where malicious data could bypass validation or the ban mechanism designed to isolate misbehaving peers.

The team also examined the mempool logic, chain-state transitions and reorganization handling, all areas where subtle bugs could create network-wide disruptions. No exploitable pathways were identified in these areas either.

“No significant security issues were identified. Most recommendations focus on refining existing fuzzing harnesses to further improve their effectiveness and coverage,” the report concluded.


Bitcoin Core vs. Knots debate

The audit comes amid the recent dispute between supporters of Bitcoin Core and Bitcoin Knots. The months-long debate, triggered by the Bitcoin Core v30 update, centers on whether non-financial data should be allowed on the blockchain, with critics warning the changes could “open the floodgate” to spam.

Knots supporters argue that filtering out such data is necessary to prevent illegal or unethical content from being embedded in Bitcoin’s ledger. Bitcoin Core developers, however, say imposing restrictions would harm network cohesion, confuse users and run counter to the technology’s foundational principles of openness and neutrality.