Blockchain Cybersecurity firm Halborn reveals that the once-fixed vulnerability “Rab13s” in the Dogecoin network still exists in at least 280 other networks.
According to the report, during the assessment “several critical and exploitable vulnerabilities were identified by Halborn and have since been fixed by the Dogecoin team.”
“However, after a broader review Halborn determined that the same vulnerabilities affected over 280 other networks including Litecoin and Zcash, putting over $25 billion dollars of digital assets at risk,” reads the report.
The p2p messaging systems in affected networks were determined to contain the Rab13s vulnerabilities, which because of their simplicity make them more vulnerable to attack.
With this flaw, an attacker can design malicious consensus messages to transmit to specific nodes, leading them to shut down and ultimately exposing the network to serious dangers like 51% of attacks.
An attacker could crash the node using RPC requests because of the second vulnerability in the RPC services.
Using the public interface, the third vulnerability enables code execution for attackers in the context of the user executing the node. However, because it needs a legitimate credential to be used in the attack, the possibility of this exploit is minimal.
Halborn began evaluating Dogecoin in March 2022 and discovered a number of vulnerabilities that were resolved by the Dogecoin team.
About 280 more networks, including Llitecoin and Zcash, were determined to be impacted by the same vulnerabilities during the examination, which has subsequently been patched.
Halborn suggests updating all UTXO-based nodes to the most recent version as a remedy (1.14.6). Halborn at this time won’t provide the technical information or the specifics of the exploit due to the seriousness of the problem.
The blockchain security firm also built a successful exploit kit for Rab13s that features a proof of concept with adjustable parameters to show how the attacks operate on various networks.
Also Read: Euler Finance Witnesses Flash Loan Attack, Largest Hack of 2023