Several blockchains contain vulnerabilities under the collective term “Rab13s,” according to a report from blockchain security firm Halborn on March 13.
DOGE, ZEC, LTC resolve security issue
Halborn said that it was contracted to inspect Dogecoin’s code in March 2022 and reported that the project has patched any vulnerabilities it found.
Zcash similarly announced on March 13 that it has released an update that addresses the exploit. The project said that the vulnerability originated in Bitcoin Core’s code and added that there is no evidence that an attack has occurred against Zcash itself.
Litecoin seemingly issued an update that addresses the vulnerability on March 12, though it did not directly mention Halborn or its findings.
Horizen also said that it had been informed of the potential vulnerability by Halborn. It disclosed the issue and published a fix on March 13.
The main vulnerability allows attackers to take unpatched blockchain nodes offline by sending consensus messages to those nodes. By taking down nodes, an attacker could make a 51% attack against the relevant blockchain network more feasible. Later, the attacker could commit a double spend attack or otherwise harm the network.
A secondary vulnerability allows the attacker to halt nodes via an RPC request, and a third vulnerability allows attackers to execute code through RPC. Both of these attack methods require valid credentials and are, therefore difficult to execute.
Hundreds of blockchains at risk
Halborn says that over 280 other blockchain networks contain variations on these vulnerabilities and added that it has shared exploit kits with those projects.
The security firm said that some issues are previously-known Bitcoin vulnerabilities, while other lines of attack are unique to Dogecoin and other networks. According to the blockchain security firm, not all exploits are possible on all networks.
The widespread issue may put more than $25 billion of crypto at risk, Halborn says.
This story is developing and CryptoSlate has attempted to contact various blockchain projects for comment. Please contact [email protected] to provide a comment.
Leave a Reply