Over 280 blockchains are plagued by major vulnerabilities known as “Rab13s,” according to a report released yesterday by the blockchain security firm Halborn.
According to Halborn, it was hired to inspect Dogecoin’s code in March 2022, with the project soon patching any vulnerabilities it discovered.
Following a more thorough investigation, Halborn discovered that the same vulnerabilities affected over 280 other networks, including Litecoin and Zcash, putting more than $25 billion in digital assets at risk.
The main vulnerability, according to Halborn, allowed attackers to take unpatched blockchain nodes offline by sending consensus messages to those nodes via peer-to-peer (p2p) communications. An attacker could execute a 51% attack against the relevant blockchain network more feasibly by taking down nodes. The attacker could then perpetrate a double spend attack or cause other network damage.
A secondary vulnerability would allow a hacker to halt nodes through an RPC. A third vulnerability that Halborn discovered encouraged hackers to execute code via RPC. Both of these attack methods necessitate valid credentials and are thus, comparatively difficult to carry out.
Zcash announced yesterday the release of an update that addresses the exploit. The vulnerability was discovered in the code of Bitcoin Core, according to the project, and there is no evidence of an attack on Zcash itself. In a statement, Zcash Foundation claimed,
“Zebra is an independent Zcash node implementation, and is not based on Bitcoin Core. Halborn has confirmed that Zebra is not vulnerable to these issues.”
Horizen also issued an update that Halborn had informed them of the potential vulnerability. Yesterday, it disclosed the problem and published a patch to
Read more on ambcrypto.com