Scary Picture: These Altcoins Contain Security Vulnerabilities!

Halborn, a cybersecurity firm specializing in bitcoin and altcoins, recently came out with a surprising report.

Halborn, a cybersecurity firm specializing in bitcoin and altcoins, recently announced that it has discovered several serious vulnerabilities in the open-source code of Dogecoin, one of the most popular cryptocurrencies on the market. According to Halborn's March 13 report, several blockchains contain vulnerabilities grouped under the collective name “Rab13s”. A broader review by Halborn revealed that the same vulnerabilities affected more than 280 other networks, including Litecoin and Zcash, putting cryptocurrencies worth over $25 billion at risk. Here are the details…

Alert for DOGE and these altcoins: Hundreds at risk

The vulnerabilities were discovered during a routine assessment of Dogecoin by Halborn, which was contracted in March 2022 to assess all vulnerabilities that could affect the security of the blockchain. Zcash also announced on March 13 that it had released an update that addresses the vulnerability. The project said the vulnerability stemmed from Bitcoin Core’s code, adding that there was no evidence of an attack against Zcash.

Litecoin, on the other hand, appears to have released an update that fixes the vulnerability on March 12, although it does not directly mention Halborn or its findings. While various critical and exploitable vulnerabilities were identified and fixed by the Dogecoin team, a broader review by Halborn revealed that the same vulnerabilities affected more than 280 other networks and put over $25 billion in crypto assets at risk. Horizen also said that it was made aware of the potential vulnerability by Halborn.

The vulnerabilities, which Halborn codenamed Rab13s, relate to peer-to-peer (p2p) communications on affected networks. Hackers can exploit these vulnerabilities by creating malicious consensus messages and sending them to individual nodes, which can shut each node down and eventually expose the network to 51% attacks and other serious issues. These vulnerabilities are of particular concern due to the simplicity of p2p messaging mechanisms, which increases the likelihood of attacks on affected networks.

Have you done what is necessary for safety?

Halborn identified several vulnerabilities in the affected networks. The most critical vulnerability discovered relates to P2P communications, where attackers can scan for network peers and attack unpatched nodes using the “getaddr” message. Another issue identified by Halborn was a code execution vulnerability in RPC (Remote Procedure Call) affecting individual miners. Later, variants of these vulnerabilities were also discovered in similar blockchain networks, including Litecoin and Zcash.

Due to code base differences between networks, not all vulnerabilities can be exploited on all networks, but at least one of them can be exploited on each network. On vulnerable networks, successful exploitation of the vulnerability could result in a denial of service or remote code execution.

Halborn has developed a toolkit for Rab13s that includes a proof-of-concept with configurable parameters to demonstrate attacks on different networks. The necessary technical information was shared with designated people to help them fix the bugs and release patches for the community and miners. However, Halborn did not share the exploit kit code with any party. For projects using a UTXO-based node like Dogecoin, Halborn recommends upgrading all their nodes to the latest version (1.14.6).

Could have been a “disaster” for cryptocurrencies

The risks associated with these vulnerabilities are serious and require urgent action to protect the integrity of networks and the crypto assets they represent. The impact on more than 280 networks only underscores the importance of cybersecurity in the blockchain world. As blockchain technology continues to gain general acceptance, it is important to take security measures to protect users and crypto assets.
