Cybersecurity firm Halborn warns of zero-day vulnerabilities in over 280 blockchain networks
A cybersecurity firm, Halborn, has recently warned of a vulnerability that could put over 280 blockchain networks at risk for zero-day exploits, potentially exposing at least $25 billion worth of crypto. The vulnerability, which Halborn has dubbed “Rab13s,” could have significant ramifications for the affected networks, and Halborn has already worked with some networks, such as Dogecoin, Litecoin, and Zcash, to initiate a fix.
The warning comes after Halborn was contracted in March 2022 to conduct a security review of Dogecoin’s code base and found “several critical and exploitable vulnerabilities”. Halborn later discovered that these same vulnerabilities “affected over 280 other networks,” putting billions of dollars worth of cryptocurrencies at risk.
Halborn outlined three vulnerabilities, with the most critical allowing an attacker to “send crafted malicious consensus messages to individual nodes, causing each to shut down.” These messages can over time expose the blockchain to a 51% attack, where an attacker controls the majority of the network’s mining hash rate or staked tokens to create a new version of the blockchain or take it offline.
Halborn found other zero-day vulnerabilities that would allow potential attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests – a protocol that allows one program to communicate and request services from another. However, Halborn added that the likelihood of RPC-related exploits was lower, as it required valid credentials to carry out the attack.
Halborn cautioned that due to codebase differences between networks, not all vulnerabilities could be exploited on all networks, but at least one of them could be exploited on each network. The cybersecurity firm said it was not releasing further technical details about the exploits due to their severity, adding that it was making a “good faith effort” to contact all affected parties to disclose potential exploits and provide remediation for the vulnerabilities.
While Dogecoin, Zcash and Litecoin have already implemented patches for the discovered vulnerabilities, Halborn warned that hundreds of other networks could still be exposed. The potential for these zero-day exploits to affect billions of dollars worth of cryptocurrencies underscores the importance of strong cybersecurity measures and regular security audits for blockchain networks. As the use of blockchain continues to grow, it is likely that hackers will continue to target vulnerabilities in these networks, making the need for robust security measures all the more critical.