Billions at Risk as Catastrophic Flaws Found in Dogecoin, 280+ Crypto Networks
Editor’s note: This story has been updated to reflect the patching of a vulnerability in the Dogecoin code.
An evaluation of the Dogecoin (DOGE/USD) open source codebase for potential vulnerabilities that could compromise the security of the blockchain network revealed a number of critical and exploitable vulnerabilities, codenamed “Rab13s”, which have since been corrected.
After investigation by the cybersecurity firm Halborn, these vulnerabilities were found to extend to over 280 additional networks, including Litecoin (LTC/USD) and Zcash (ZEC/USD), thereby putting $25 billion worth of digital assets at risk.
Dogecoin Core developer Patrick Lodder said the vulnerabilities were discovered by Halborn, who privately informed Dogecoin maintainers. Dogecoin’s maintainers took swift action and fixed the issues in the code released with version 1.14.6.
The bug fixes were incorporated into the network code, reinforcing efforts that were already underway, he said.
“Today, with over 50% of the network upgraded, the risk to the network as a whole is believed to be reduced, but individual nodes that have not yet been upgraded may still be vulnerable, and all node operators are advised to upgrade at their earliest convenience,” said Lodder on a Dogecoin development board.
Significant vulnerabilities in peer-to-peer communication uncovered
Researchers discovered several vulnerabilities in open source blockchain networks such as Dogecoin, Litecoin, and other networks with comparable codebases.
The most critical vulnerability involved peer-to-peer (P2P) communication, where attackers could craft malicious consensus messages and transmit them to individual nodes, causing those nodes to go offline.
Potential risks and consequences
The simplicity of the Rab13s vulnerabilities increases the likelihood of an attack.
If exploited, these vulnerabilities could have resulted in denial of service or remote code execution, thus exposing the network to significant risks, such as 51% attacks and other serious complications.
Manage and mitigate vulnerabilities
In the interests of responsible disclosure, Halborn said they made a concerted effort to contact the networks affected by these vulnerabilities.
In its report, the cybersecurity firm advised projects using a UTXO-based node to upgrade all nodes to the latest version (1.14.6).
Talking to Benzinga, Halborn’s COO David Schwed said the quick response of Halborn and the affected blockchain projects demonstrates the importance of collaboration in the Web3 ecosystem.
“By working together to reduce risk, society can ensure a safer and more robust future for digital assets,” he added.