Halborn identifies vulnerabilities in >280 blockchains including Dogecoin, Zcash
- According to Halborn’s report, over 280 blockchains are plagued by major vulnerabilities
- More than $25 billion in digital assets are at risk due to these vulnerabilities, it added
Over 280 blockchains are plagued by major vulnerabilities known as “Rab13s,” according to a report released yesterday by blockchain security firm Halborn.
According to Halborn, it was hired to inspect Dogecoin’s code in March 2022, and the project soon patched any vulnerabilities it discovered.
After a more thorough investigation, Halborn discovered that the same vulnerabilities affected over 280 other networks, including Litecoin and Zcash, putting more than $25 billion in digital assets at risk.
The main vulnerability, according to Halborn, allowed attackers to take unpatched blockchain nodes offline by sending consensus messages to those nodes via peer-to-peer (p2p) communication. An attacker can perform a 51% attack against the relevant blockchain network more easily by taking down nodes. The attacker can then perform a double use attack or cause other network damage.
A secondary vulnerability would allow a hacker to stop nodes through an RPC. A third vulnerability Halborn discovered encouraged hackers to execute code via RPC. Both of these attack methods require valid identification and are therefore relatively difficult to carry out.
Blockchains are starting to solve the problem
Zcash announced yesterday the release of an update that addresses the exploit. The vulnerability was discovered in the code of Bitcoin Core, according to the project, and there is no evidence of an attack on Zcash itself. In a statement, the Zcash Foundation claimed,
“Zebra is an independent Zcash node implementation, and is not based on Bitcoin Core. Halborn has confirmed that Zebra is not vulnerable to these issues.”
Horizen also released an update that Halborn had informed them of the potential vulnerability. Yesterday, it disclosed the issue and published an update to address the vulnerabilities.
Litecoin also released an update earlier this month that addresses the security issue. However, it is worth noting that it did not mention Halborn or its findings. The new update ensures that nodes on lower hardware do not run out of memory in the face of increased network traffic.
According to Halborn, some of the issues are previously known Bitcoin vulnerabilities, while others are unique to Dogecoin and other networks. Not all exploits are possible on all networks, according to the blockchain security firm.