This crypto security firm claims blockchains are at risk of exploitation
Cryptocurrency exploits have become one of the growing threats to the promotion and use of digital assets. Over the years, the industry has suffered big losses through multiple exploits on crypto blockchains and related platforms.
Although the attacks come in different forms, zero-day exploits have become a prominent and recurring type for bad actors. This type of exploit preys on vulnerabilities in the software of crypto blockchains and platforms.
A recent report from a security firm, Halborn, reveals that hundreds of blockchains are currently at risk of zero-day exploits.
Some major vulnerabilities on the blockchains revealed
Recently, Halborn disclosed, through a series of Twitter posts, the discovery of zero-day vulnerabilities affecting several crypto blockchain networks. The software vulnerability, labeled “Rab13s”, was set to affect over 280 networks such as Dogecoin, Zcash, Litecoin and others.
The security firm noted that the exploit could lead to a possible loss of more than $25 billion of crypto assets from the targeted networks.
In March 2022, Dogecoin contracted Halborn for a security audit of its codebase. The security firm mentioned discovering many critical and open vulnerabilities on the Dogecoin network. Halborn also reported that similar vulnerabilities had affected more than 280 other blockchain networks in the crypto industry.
In its Twitter posts, Halborn highlighted some software vulnerabilities on the exposed blockchain networks. Particularly serious loopholes on the networks allow an attacker to create and send malicious consensus messages to individual nodes. Such an attack triggers an automatic shutdown of the nodes.
The security firm stated that such messages could expose the blockchain to a 51% attack over time. The exploiter could then control most operations on the network, such as the hash rate for mining or staked tokens. The attacker could even take the blockchain offline or develop a new version.
Halborn noted that it had made a reasonable good-faith effort to contact the affected networks so that the technical lapses could be addressed effectively. It added that the networks could also reach out for responsible disclosures and resolutions for their services. It also recommended an upgrade of all UTXO-based nodes to the latest version for some networks such as Dogecoin.
The Zero-Day Exploit and Its Impact on Crypto
Zero-day exploitation is a security attack that targets software vulnerabilities on systems and networks. Typically, an attacker will search for and use software vulnerabilities for attacks before the mitigating party intervenes.
The crypto and blockchain industry has witnessed several zero-day exploits in the past. Parity, a smart contract platform, lost over $30 million worth of Ether tokens in July 2017 through an exploit. Hackers also attacked CryptoKitties in December 2017 and carried off about $17 million in ETH within two days.
In most cases, the attackers gain access to the target’s funds by sending phishing emails or messages to users. When a user opens the message or clicks on forwarded links, the exploiter will gain access to the user’s credentials and other important information for an attack.