Blockchain security unit Halborn has discovered several critical flaws in Dogecoin’s source code, affecting 280 other networks and putting more than $25 billion at risk.
According to a report on March 13, security company Halborn, after an evaluation process, found 3 serious bugs in Dogecoin’s open source code and quickly patched them. However, when looking at the bigger picture, Halborn discovered that these vulnerabilities had spread to 280 similar networks.
🚨 Halborn discovered massive #ZeroDay impacting Dogecoin and 280+ networks including Litecoin and Zcash, putting over $25 Billion of digital assets at risk!
…
— Halborn (@HalbornSecurity) March 13, 2023
The set of vulnerabilities is what Halborn calls “Rab13s”.
Specifically, the most severe vulnerability that Halborn researchers found involved a P2P network, where an attacker could manually generate consensus messages, send them to individual nodes, and shut them down. Go. From there, the network will be at risk of a “51% attack” due to the difference in the number of validating nodes.
The second vulnerability mentioned by Halborn is related to RPC, allowing an attacker to crash a node through RPC requests. However, this requires information authentication, which somewhat reduces the possibility of the entire network being affected.
Finally, the third vulnerability allows an attacker to execute code while the node is running via RPC. However, similar to vulnerability 2, the vulnerability of vulnerability 3 is relatively low because it requires authentication steps from node.
It is worth mentioning that “variants” of Rab13s have also been discovered in blockchain networks similar to Litecoin, Zcash or Horizen. The security unit said that due to source code base differences between networks, not all vulnerabilities can be exploited equally.
The source of some of the bugs found in the pre-existing Bitcoin Core code, Halborn revealed.
Halborn has attempted to contact affected networks for information about Rab13s. In response, Zcash confirmed that it has not been hacked, Litecoin on March 12 released a new update that fixed the bug, while Horizen also revealed that a fix will be available soon.
Additionally, Halborn is not disclosing more exploit details or technology at this time due to the severity of the problem.
Synthetic Kyptos
