Halborn, a blockchain security company, has discovered many serious flaws that may be exploited that affect more than 280 networks, including Litecoin (LTC) and Zcash (ZEC). This vulnerability, known as “Rab13s,” has exposed roughly $25 billion in digital assets to risk.
The team behind the top memecoin found this for the first instance on the Dogecoin network a year ago, and it was subsequently fixed.
The most significant peer-to-peer (p2p) communication flaw was found by Holborn researchers, according to the official blog post. If abused, this vulnerability might allow attackers to create consensus messages, send them to specific nodes, and take those nodes offline. Eventually, a threat like this might put networks in risk of things like 51% attacks and other serious problems.
Another Dogecoin-specific zero-day vulnerability, involving an RPC (Remote Procedure Call) Remote code execution vulnerability that affects individual miners, was found by the company.
These zero-day exploits also exist in similar blockchain networks like Litecoin and Zcash. Due to the different code bases between the networks, not all of the vulnerabilities are exploitable, but at least one of them may be used by hackers on each network.
Halborn remarked that in the case of weak networks, successful exploitation of the pertinent vulnerability could result in a denial of service or remote code execution.
The security platform thinks that the ease with which these Rab13s vulnerabilities might be exploited raises the likelihood of an attack.
Further examination by Halborn researchers led to the discovery of a second RPC service vulnerability that enabled an attacker to crash the node using RPC calls. But legitimate credentials would be needed for a successful exploit. This lessens the potential that the stop command gets implemented by certain nodes, putting the entire network at danger.
In the meantime, a Rab13s exploit kit that features a proof of concept with programmable parameters to illustrate the assaults on several different networks has been created.
In order to assist the specified stakeholders fix the bugs and deliver the appropriate fixes for the community and miners, Halborn has confirmed that it will share all the technical information required with them.