Cybersecurity Firm Halborn Warns of Zero-Day Vulnerabilities in Over 280 Blockchain Networks
A cybersecurity firm, Halborn, has recently warned of a vulnerability that could put over 280 blockchain networks at risk of zero-day exploits, potentially exposing at least $25 billion worth of crypto. The vulnerability, which Halborn has dubbed "Rab13s," could have significant consequences for the affected networks, and Halborn has already worked with some networks, such as Dogecoin, Litecoin, and Zcash, to institute a fix.
The warning comes after Halborn was contracted in March 2022 to conduct a security review of Dogecoin's codebase and found "several critical and exploitable vulnerabilities." Halborn later discovered that these same vulnerabilities "affected over 280 other networks," which risked billions of dollars worth of cryptocurrencies.
Halborn outlined three vulnerabilities, with the most critical one allowing an attacker to "send crafted malicious consensus messages to individual nodes, causing each to shut down." These messages over time could expose the blockchain to a 51% attack, where an attacker controls the majority of the network's mining hash rate or staked tokens to make a new version of the blockchain or take it offline.
Halborn found other zero-day vulnerabilities that would allow potential attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests - a protocol allowing a program to communicate and request services from another. However, Halborn added that the likelihood of RPC-related exploits was lower, as it required valid credentials to undertake the attack.
Halborn warned that due to codebase differences between networks, not all the vulnerabilities were exploitable on all the networks, but at least one of them may be exploitable on each network. The cybersecurity firm said it was not releasing further technical details of the exploits due to their severity and added that it made a "good faith effort" to contact all affected parties to disclose the potential exploits and provide remediation for the vulnerabilities.
While Dogecoin, Zcash, and Litecoin have already implemented patches for the discovered vulnerabilities, Halborn warned that hundreds of other networks could still be exposed. The potential for these zero-day exploits to impact billions of dollars worth of cryptocurrencies underscores the importance of strong cybersecurity measures and regular security audits for blockchain networks. As the adoption of blockchain continues to grow, it is likely that hackers will continue to target vulnerabilities in these networks, making the need for robust security measures all the more critical.