According to the cybersecurity company Halborn, More than 280 blockchain networks are at risk of “zero-day” attacks that could jeopardize cryptocurrencies worth at least $25 billion.
In a blog post published on March 13, Halborn warned of the vulnerability dubbed “Rab13s” and added that he has already worked with some blockchains, such as Dogecoin, Litecoin, and Zcash, to establish a fix.
Halborn discovered massive #ZeroDay impacting Dogecoin and 280+ networks including Litecoin and Zcash, putting over $25 Billion of digital assets at risk!
…
—Halborn (@HalbornSecurity) March 13, 2023
Halborn discovered a massive zero-day affecting Dogecoin and over 280 other networks, including Litecoin and Zcash, putting over $25 billion in digital assets at risk! …
Halborn said he was hired in March 2022 to conduct a security review of the Dogecoin codebase and found “several critical and exploitable vulnerabilities.”
He later determined that those same vulnerabilities “affected more than 280 other networks” that put billions of dollars worth of cryptocurrency at risk.
Halborn described three vulnerabilities, the “most critical” of which allows an attacker to “send malicious consensus messages to individual nodes, causing each one to shut down.”
3/ The most critical vulnerability discovered is related to peer-to-peer (p2p) communications where attackers can craft consensus messages and send it to individual nodes, taking them offline.
Halborn researchers, led by @safe_bufferhave code-named this vulnerability #Rab13s.
—Halborn (@HalbornSecurity) March 13, 2023
3/ The most critical vulnerability discovered is related to peer-to-peer (p2p) communications, in which attackers can craft consensus messages and send them to individual nodes, disconnecting them. Halborn researchers, led by @safe_buffer, have codenamed this vulnerability #Rab13s.
He added that, Over time, these messages could expose the blockchain to a 51% attack, in which an attacker controls the majority of the network’s mining hash rate or staked tokens to create a new version of the blockchain. or disconnect it.
Other detected zero-day vulnerabilities would allow potential attackers to crash blockchain nodes by sending remote procedure call (RPC) requests.a protocol that allows one program to communicate and request services from another.
7/ Secondly, attackers can execute code through the public interface (RPC) as a normal node user. Since a valid credential is required to carry out the attack, the likelihood of this exploit is lower.
—Halborn (@HalbornSecurity) March 13, 2023
7/ Second, attackers can execute code through the public interface (RPC) as a normal node user. Since a valid credential is required to carry out the attack, the probability of this exploit is lower.
He added that the probability of exploits related to RPC was lower, since it requires valid credentials to carry out the attack.
“Due to code differences between networks, not all vulnerabilities are exploitable on all networks, but at least one of them may be exploitable on every network,” Halborn warned.
The company said it was not going to release further technical details of the exploits at this time due to their severity, adding that it made a “good faith effort” to contact all affected parties. to reveal potential exploits and provide fixes for vulnerabilities.
According to Halborn, Dogecoin, Zcash, and Litecoin have already implemented patches for the discovered vulnerabilities, but hundreds of them could still be exposed.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.
