More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm

2 years ago

Dogecoin, Zcash and Litecoin have already patched the “critical” vulnerability, but hundreds of others may not have, risking billions' worth of crypto.


280 or more blockchain networks are estimated to be at risk of “zero-day” exploits that could put at least $25 billion worth of crypto at risk, according to cybersecurity firm Halborn.

In a Mar. 13 blog, Halborn warned of the vulnerability it dubbed “Rab13s,” adding it has already worked with some blockchains, such as Dogecoin, Litecoin and Zcash, to institute a fix for it.

Halborn discovered massive #ZeroDay impacting Dogecoin and 280+ networks including Litecoin and Zcash, putting over $25 Billion of digital assets at risk!

...

— Halborn (@HalbornSecurity) March 13, 2023

Halborn was contracted by Dogecoin in March 2022 to conduct a security review of its codebase and found “several critical and exploitable vulnerabilities.”

It later determined those same vulnerabilities “affected over 280 other networks” that risked billions of dollars' worth of cryptocurrencies.

Halborn outlined three vulnerabilities, the “most critical” of which allows an attacker to “send crafted malicious consensus messages to individual nodes, causing each to shut down.”

3/ The most critical vulnerability discovered is related to peer-to-peer (p2p) communications where attackers can craft consensus messages and send them to individual nodes, taking them offline.

Halborn researchers, led by @safe_buffer, have code-named this vulnerability #Rab13s.

— Halborn (@HalbornSecurity) March 13, 2023

It added these messages over time could expose the blockchain to a 51% attack where an attacker controls the majority of the network’s mining hash rate or staked tokens to make a new version of the blockchain or take it offline.

Other zero-day vulnerabilities it found would allow potential attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests, a protocol allowing a program to communicate and request services from another.

7/ Secondly, attackers can execute code through the public interface (RPC) as a normal node user. Since a valid credential is required to carry out the attack, the likelihood of this exploit is lower.

— Halborn (@HalbornSecurity) March 13, 2023

It added the likelihood of RPC-related exploits was lower as it requires valid credentials to undertake the attack.

“Due to codebase differences between the networks not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network,” Halborn warned.


The firm said at this time it’s not releasing further technical details of the exploits due to their severity and added it made a “good faith effort” to contact all affected parties to disclose the potential exploits and provide remediation for the vulnerabilities.

Dogecoin, Zcash and Litecoin have already implemented patches for the discovered vulnerabilities, but hundreds could still be exposed according to Halborn.
