According to cybersecurity company Halborn, at least 280 blockchain networks may be vulnerable to “zero-day” exploits that could endanger at least $25 billion worth of cryptocurrency.
In a blog post on March 13, Halborn warned about the “Rab13s” vulnerability and said it has already worked with various blockchains to provide a remedy, including Dogecoin, Litecoin, and Zcash. In March 2022, Dogecoin hired Halborn to perform a security review of its codebase. Halborn discovered “several critical and exploitable vulnerabilities.”
Later, it was discovered that the same flaws “affected over 280 additional networks” and put billions of dollars’ worth of cryptocurrencies at danger. The “most significant” of the three flaws highlighted by Halborn allows an attacker to “deliver tailored malicious consensus messages to particular nodes, leading each to shut down.”
As these messages were added over time, the blockchain may be vulnerable to a 51% assault, in which an attacker seizes control of the majority of the network’s hash rate and uses staked tokens to alter the blockchain or take it down .Additional zero-day flaws it discovered might be used by attackers to crash blockchain nodes by making Remote Procedure Call (RPC) requests, a technique that lets one software connect with another and ask for services.
It was also stated that since an RPC-related attack needed legitimate credentials, the possibility of such vulnerabilities was decreased. Not all vulnerabilities can be exploited on all networks due to different codebases, although Halborn cautioned that any network may have access to at least one of them.
The company stated that due to the severity of the exploits, it is not at this time disclosing additional technical information about them. It also stated that it made a “good faith effort” to get in touch with all affected parties to inform them of the potential exploits and to offer a fix for the vulnerabilities. The found flaws have already been patched in Dogecoin, Zcash, and Litecoin, but hundreds more may still exist, according to Halborn.
