Around 280 blockchains are plagued by serious vulnerabilities known as “Rab13s,” according to a report issued Monday by the blockchain security firm Halborn.
According to Halborn, it was engaged to review Dogecoin’s code in March 2022, and the vulnerabilities it found were quickly fixed.
Halborn then conducted a more extensive investigation and found that the same flaws affected over 280 additional networks, including Litecoin and Zcash, endangering over $25 billion in digital assets.
According to Halborn, the key weakness allowed attackers to shut down unpatched blockchain nodes by transmitting consensus messages over peer-to-peer (p2p) connections.
By taking nodes offline, an attacker would make a 51% attack against the affected blockchain network more feasible. The attacker could then carry out a double-spend attack or cause other damage to the network.
A second vulnerability would allow an attacker to halt nodes via RPC. A third vulnerability that Halborn discovered allowed attackers to execute code via RPC. Both of these attack methods require valid credentials and are thus comparatively difficult to carry out.
Blockchains begin addressing the issue
Zcash announced the release of an update that addresses the exploit. The vulnerability was discovered in the code of Bitcoin Core, according to the project, and there is no evidence of an attack on Zcash itself.
In a statement, the Zcash Foundation said, “Zebra is an independent Zcash node implementation and is not based on Bitcoin Core. Halborn has confirmed that Zebra is not vulnerable to these issues.”
Horizen also issued an update, saying that Halborn had informed it of the potential vulnerability; it disclosed the problem and published a patch to address the vulnerabilities.
Litecoin also issued an update earlier this month that resolves the vulnerability. It is worth noting, however, that the release made no mention of Halborn or its findings. The new update ensures that nodes on lower-end hardware do not run out of memory in the face of increased network traffic.
According to Halborn, some of the issues are previously known Bitcoin vulnerabilities, while others are unique to Dogecoin and other networks. Not all exploits are possible on all networks, according to the blockchain security firm.