A cybersecurity company, Halborn, recently warned of a vulnerability that could put more than 280 blockchain networks at risk of zero-day vulnerabilities, which could expose at least $25 billion worth of cryptography. The vulnerability, which Halborn dubbed “Rab13s,” could have significant consequences for affected networks, and Halborn has already worked with some networks, including Dogecoin, Litecoin, and Zcash, to institute a fix.
The warning comes after Halborn was hired in March 2022 to perform a security review of Dogecoin’s codebase and found “several critical and exploitable vulnerabilities.” Halborn later discovered that these same vulnerabilities “affected 280 other networks,” risking billions of dollars worth of cryptocurrency.
Halborn outlined three vulnerabilities, with the most critical allowing an attacker to “send crafted malicious consensus messages to individual nodes, causing each one to shut down.” Over time, these messages could expose the blockchain to a 51% attack, in which an attacker controls most of the network’s mining hash rate or tokens staked to create a new version of the chain. of blocks or disconnect it.
Halborn found other zero-day vulnerabilities that would allow would-be attackers to crash blockchain nodes by sending remote procedure call (RPC) requests, a protocol that allows one program to communicate and request services from another. However, Halborn added that the likelihood of RPC-related vulnerabilities was lower, since valid credentials were required to perform the attack.
Halborn cautioned that due to code base differences between networks, not all vulnerabilities were exploitable on all networks, but at least one of them might be exploitable on every network. The cybersecurity firm said it would not release further technical details of the exploits due to their severity, adding that it made a “good faith effort” to contact all affected parties to disclose the potential exploits and provide remediation for the vulnerabilities.
While Dogecoin, Zcash, and Litecoin have already implemented patches for the discovered vulnerabilities, Halborn warned that hundreds of other networks could still be exposed. The potential for these zero-day exploits to impact billions of dollars worth of cryptocurrency underscores the importance of strong cybersecurity measures and regular security audits for blockchain networks. As blockchain adoption continues to grow, it is likely that hackers will continue to target vulnerabilities in these networks, making the need for robust security measures even more critical.
