280 Networks Including Dogecoin, Litecoin, and Zcash Pose $25 Billion Digital Asset Risk

Halborn, a cybersecurity firm specializing in blockchain, recently announced that it has discovered several serious vulnerabilities in the open source code for Dogecoin, one of the most popular cryptocurrencies on the market.

The vulnerabilities were discovered during a routine assessment of the Dogecoin open source codebase, which was contracted by the Dogecoin team in March 2022 to evaluate any vulnerabilities that could affect the security of the blockchain.

While several critical and exploitable vulnerabilities were identified and fixed by the Dogecoin team, a broader review by Halborn revealed that the same vulnerabilities affected over 280 other networks, including Litecoin and Zcash, putting over $25 billion worth of digital assets at risk.

The vulnerabilities, which Halborn has code-named Rab13s, relate to the peer-to-peer (p2p) communications within the affected networks. Hackers can exploit these vulnerabilities by crafting malicious consensus messages and sending them to individual nodes, causing each node to shut down and eventually exposing the network to risks such as 51% attacks and other severe issues. These vulnerabilities are particularly concerning because of the simplicity of the p2p messaging mechanisms within the affected networks, which increase the likelihood of attack.

Halborn has identified several types of vulnerabilities within the affected networks. The most critical vulnerability discovered is related to the P2P communications, where attackers can crawl the network peers using the getaddr message and attack the unpatched nodes.

Another zero-day identified by Halborn was uniquely related to Dogecoin, including an RPC (Remote Procedure Call) Remote code execution vulnerability impacting individual miners. Subsequently, variants of these zero-days were also discovered in similar blockchain networks, including Litecoin and Zcash.

Due to codebase differences between the networks, not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network. On vulnerable networks, a successful exploitation of the relevant vulnerability could lead to denial of service or remote code execution.

Halborn has successfully developed an exploit kit for Rab13s that includes a proof of concept with configurable parameters in order to demonstrate the attacks on different networks. The necessary technical information has been shared with the identified stakeholders to help them remediate the bugs and to release the necessary patches for the community and miners. However, Halborn has not shared the exploit kit code with any party. Halborn recommends that for projects using a UTXO-based node, such as Dogecoin, all nodes should be upgraded to the latest version (1.14.6).

The risks associated with these vulnerabilities are severe and require immediate action to protect the integrity of the networks and the digital assets they represent. The fact that over 280 networks are affected only underscores the importance of cybersecurity in the blockchain world. As blockchain technology continues to gain mainstream adoption, it is essential that security measures are in place to protect users and their digital assets.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

You might also like