A critical security vulnerability, which cybersecurity firm Halborn named “Rab13s,” has put over 280 blockchains at risk of “zero-day” exploits. The risk could endanger at least $25 billion worth of cryptocurrencies.
While some blockchains, such as Litecoin, Dogecoin, and Zcash, have already fixed the vulnerability, others have not. As a result, Halborn is warning blockchain networks to take immediate action to protect their assets.
Halborn was contracted in March 2022 to conduct a security review of Dogecoin’s codebase. It found that Dogecoin had several critical and exploitable vulnerabilities. Moreover, they determined that those same vulnerabilities existed in more than 280 other networks. That isn’t surprising, as most projects copy code from existing ecosystems.
Halborn identified three vulnerabilities. The “most critical” allows an attacker to send crafted malicious consensus messages to individual nodes, causing each to shut down.
Over time, these messages could expose the blockchain to a 51% attack. In that scenario, an attacker controls most of the network’s mining hash rate or staked tokens to make a new version of the blockchain or take it offline.
Halborn also found other zero-day vulnerabilities that could allow potential attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests. Although the likelihood of RPC-related exploits is lower, they still pose a risk to blockchain networks.
Halborn stressed that due to codebase differences between the blockchains, not all vulnerabilities are exploitable on all networks. However, at least one vulnerability could be exploitable on each network.
The security firm has not disclosed further technical details of the vulnerabilities, citing their severity. However, the company made a “good faith effort” to contact all affected parties to disclose the potential exploits. They even provided remediation for the vulnerabilities. It is now up to the developers to take action.
This warning highlights why investing in altcoins can be risky and emphasizes blockchains’ importance in protecting their assets against cyber threats.
None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.