Over 280 blockchains are plagued by major vulnerabilities known as “Rab13s,” according to a report released yesterday by the blockchain security firm Halborn.
According to Halborn, it was hired to inspect Dogecoin’s code in March 2022, and the project soon patched the vulnerabilities that were found.
Following a more thorough investigation, Halborn discovered that the same vulnerabilities affected over 280 other networks, including Litecoin and Zcash, putting more than $25 billion in digital assets at risk.
The main vulnerability, according to Halborn, allowed attackers to take unpatched blockchain nodes offline by sending consensus messages to those nodes via peer-to-peer (p2p) communications. With enough nodes taken down, a 51% attack against the affected blockchain network becomes more feasible. The attacker could then perpetrate a double-spend attack or cause other network damage.
A secondary vulnerability would allow a hacker to halt nodes through RPC. A third vulnerability that Halborn discovered would allow hackers to execute code via RPC. Both of these attack methods require valid credentials and are thus comparatively difficult to carry out.
Zcash announced yesterday the release of an update that addresses the exploit. The vulnerability was discovered in the code of Bitcoin Core, according to the project, and there is no evidence of an attack on Zcash itself. In a statement, the Zcash Foundation claimed:
“Zebra is an independent Zcash node implementation, and is not based on Bitcoin Core. Halborn has confirmed that Zebra is not vulnerable to these issues.”
Horizen also said in an update that Halborn had informed it of the potential vulnerability. Yesterday, it disclosed the problem and published a patch to address the vulnerabilities.
Litecoin also issued an update earlier this month that resolves the vulnerability. It is worth noting, however, that it made no mention of Halborn or its findings. The new update ensures that nodes on lower-end hardware do not run out of memory in the face of increased network traffic.
According to Halborn, some of the issues are previously known Bitcoin vulnerabilities, while others are unique to Dogecoin and other networks. Not all exploits are possible on all networks, according to the blockchain security firm.