Security company warns of “zero-day” attacks on blockchains

According to cybersecurity firm Halborn, more than 280 blockchain networks are vulnerable to “zero-day” exploits that could put at least $25 billion worth of cryptocurrencies at risk.

Holborn warned of the vulnerability, which it dubbed “Rab13s,” in a March 13 blog post, adding that it has already worked with Dogecoin, Litecoin, and Zcash to implement a fix for it.

Holborn stated that it was hired in March 2022 to conduct a security review of Dogecoin’s codebase and discovered “several critical and exploitable vulnerabilities.”

It was later determined that the same vulnerabilities “affected over 280 other networks” and put at risk cryptocurrencies worth billions of dollars.

Holborn described three vulnerabilities, the “most severe” of which allows an attacker to “send maliciously crafted consensus messages to individual nodes, causing each to shut down.”

It could expose the blockchain to a 51 percent attack, in which an attacker controls the majority of the network’s mining hash rate or staked tokens to create a new version of the blockchain or take it offline.

Other zero-day vulnerabilities discovered would permit potential attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests, a protocol that allows programs to communicate and  request services from one another.

It was noted that the chance of RPC-related attacks was decreased since the assault needed the correct credentials.

“Because of codebase changes across networks, not all vulnerabilities are vulnerable on all networks, but at least one of them is on each network,” Halborn cautioned.

Due to the seriousness of the exploits, the company is not publishing any technical specifics at this time, and it has made a “good faith attempt” to contact all impacted parties to reveal the possible exploits and offer fixes for the vulnerabilities.

According to Halborn, Dogecoin, Zcash, and Litecoin have already applied remedies for the disclosed flaws, while hundreds remain vulnerable.