- Halborn identified critical vulnerabilities in Dogecoin, Litecoin, and Zcash
- Attacker can take blockchains offline or even make new versions of them
Almost 300 blockchain networks risk losing $25 billion or more in crypto assets due to “zero-day” exploits, warned Halborn, a cybersecurity firm.
In a blog post published on March 13, the firm wrote that it had been hired to assess the Dogecoin open source code for any weaknesses that might impact the blockchain’s security. Halborn identified a number of exploitable and critical vulnerabilities, which the Dogecoin team has since fixed.
Following a wider evaluation, the cybersecurity firm found the same vulnerabilities also affected Zcash, Litecoin, and 280 other blockchain networks, jeopardizing more than $25 billion in crypto.
Rab13s: the most critical flaw
Halborn named the most critical flaw Rab13s. It enables exploiters to send individual nodes specially crafted malicious consensus messages, which cause the node to crash.
If these messages accumulate, the blockchain could become vulnerable to a 51% attack, where an exploiter controls most of the tokens staked on the network or its mining hash rate. This is enough to take the blockchain offline or even make a new version of it.
Crashed blockchain nodes and other vulnerabilities
Halborn also found other vulnerabilities, like the possibility of cybercriminals sending Remote Procedure Call (RPC) requests to crash blockchain nodes. RPCs allow programs to provide and request services from each other.
At least one element per network is exploitable
The firm added that RPC-related attacks were less likely because they required valid credentials. It warned that at least one vulnerability per network was exploitable, but said that not all networks were exploitable due to codebase differences.
Halborn is not releasing any more technical details of the attacks at this time due to their severity, but says it is making an effort to get in touch with all affected entities. It intends to disclose the risks and offer remedies for the flaws.
Dogecoin, Litecoin, and Zcash blockchains have taken measures to eradicate the flaws discovered, but hundreds might remain exposed, the firm said.