280 blockchains still vulnerable to “zero-day” attacks: Report
- The critical vulnerability has already been patched in Dogecoin, Zcash, and Litecoin, but many other networks may not have patched it, putting billions of dollars' worth of cryptocurrency at risk.
- Assets worth more than $25 billion are at risk, according to security company Halborn.
According to cybersecurity company Halborn, over 280 blockchain networks could be vulnerable to “zero-day” attacks that could compromise at least $25 billion worth of cryptocurrency.
In a blog article on March 13, Halborn warned of the “Rab13s” vulnerability and said it had already worked with some blockchains to implement a fix, including Dogecoin, Litecoin, and Zcash. Dogecoin’s codebase underwent a security review in March 2022, according to Halborn, which discovered several severe and exploitable vulnerabilities.
The “most critical” of the three flaws listed by Halborn enables an attacker to send tailored malicious consensus messages to individual nodes, causing each to shut down. Halborn added:
“The most critical vulnerability discovered is related to peer-to-peer (p2p) communications where attackers can craft consensus messages and send it to individual nodes, taking them offline.”
Other zero-day flaws it found would allow potential attackers to take down blockchain nodes by sending requests using the Remote Procedure Call (RPC) protocol, which allows programs to interact and seek services from each other. Halborn further stated that because an RPC-related attack requires legitimate credentials, the probability of such exploits is lower. Halborn warned:
“Due to codebase differences between the networks not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network.”
The company stated that, due to the severity of the exploits, it is not disclosing additional technical information about them at this time. It also stated that it made a “good faith effort” to get in touch with all affected parties to inform them of the potential exploits and to offer a fix for the vulnerabilities.
According to Halborn, patches have already been added to Dogecoin, Zcash, and Litecoin to address the flaws. Halborn claims that variations of these flaws exist in over 280 other blockchain networks and noted that it had shared exploit kits with all those projects.
The security company claimed that while some problems are well-known Bitcoin flaws, other attack vectors are specific to Dogecoin and other networks. It also claims that not every network can be exploited. According to Halborn, the pervasive problem could jeopardize more than $25 billion in cryptocurrency.