Halborn Identifies Critical Blockchain Vulnerabilities in Dogecoin, Litecoin, Zcash and More
"Rab13s" vulnerabilities put $25 billion worth of digital assets at risk across 280 networks.
Blockchain security firm Halborn recently discovered "several critical and exploitable vulnerabilities" in the open-source code for blockchain networks such as Dogecoin, Litecoin, Zcash and many others with similar code bases, which could be exploited across more than 280 networks.
Codenamed 'Rab13s', these vulnerabilities put more than $25 billion worth of digital assets at risk, as they could have allowed hackers to remotely execute arbitrary code and take control of affected systems.
According to the official blog post, the problem was first discovered on the Dogecoin network a year ago and has since been fixed by the developers of the popular meme-based cryptocurrency. The most critical vulnerability discovered relates to peer-to-peer (P2P) communication, allowing an attacker to craft a consensus message and send it to individual nodes, taking them offline. With this vulnerability, an attacker could send malicious consensus messages to individual nodes, causing them to go offline and ultimately exposing the network to risks such as 51% attacks and other serious problems.
While some of the other issues were known CVEs (Common Vulnerabilities and Exposures) from Bitcoin, another zero-day identified by Halborn was uniquely related to Dogecoin, including an RPC (Remote Procedure Call) remote code execution vulnerability affecting individual miners. Subsequently, variants of these zero days were also discovered in similar blockchain networks, including Litecoin and Zcash.
Halborn successfully developed an exploit kit for Rab13s, which includes a proof of concept with configurable parameters to demonstrate the attacks on different networks.