Good day everyone,
I hope you are all well and are having an excellent day. Welcome to CryptoGod-1's blog on all things crypto. In this post I will be looking at the potential risks of the recently discovered flaws in major cryptocurrency networks, including Dogecoin and Litecoin, known as Rab13s.
The Discovery
Reports have emerged recently that a cybersecurity company known as Halborn discovered at least 280 blockchain networks had vulnerabilities known as 'zero-day' exploits, meaning that potentially up to $25 billion worth of cryptocurrency was at risk. This was brought to the public's attention on the 13th of March 2023 when Halborn posted about the issues, dubbed 'Rab13s', on their blog. They went on to highlight how the company had already been in dialogue with various blockchains, including prominent ones such as Dogecoin, Litecoin, and Zcash, to provide assistance and remedy the situation. This all came about after Dogecoin had hired Halborn to perform a security review of its codebase back in March 2022.
Potential Risks
When Halborn performed the review of Dogecoin, they discovered what they referred to as "several critical and exploitable vulnerabilities." These flaws were also noticed within a further 280 additional networks, which, as previously noted, put billions of dollars at risk. Among the three major flaws discovered, Halborn noted that one of the most significant of these would allow an attacker to "deliver tailored malicious consensus messages to particular nodes, leading each to shut down."
These messages could be used to make the blockchain vulnerable to a 51% attack, as they could communicate with the nodes to disregard everyday protocol and activity, allowing an attack where the network is seized once a user has control over the majority of the network's hash rate, therefore allowing them to make use of the staked tokens to bring the network down.
Halborn also noted 'zero-day' flaws in the networks which could potentially be used by attackers to crash blockchain nodes by making use of Remote Procedure Call (RPC) requests, a technique that allows one piece of software to connect with another and make a request for services. However, one factor reducing the threat of an RPC attack was the requirement for legitimate credentials, meaning the vulnerability is not as simply exploitable as others could be, due to things such as different codebases being used on different networks.
Due to the risks of these exploits, Halborn have not disclosed any additional technical information regarding them. However, they did state they have made a "good faith effort" to contact all the impacted parties and inform them of any potential exploits, along with solutions for the vulnerabilities. According to reports, Dogecoin, Zcash, and Litecoin have already reviewed and fixed the vulnerabilities in their networks, but the wider crypto space could still be at risk, with many blockchains yet to tackle these issues.
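Since the RPC issue depends on valid credentials, a node operator can check how well the RPC interface is protected. The audit below is an added example, not code from Halborn or any of the affected projects; it assumes the Bitcoin-Core-style options rpcuser, rpcpassword, rpcbind and rpcallowip, and the sample config and the finding codes are constructed for illustration.

```python
import ipaddress

# Constructed sample in the key=value style of Bitcoin-Core-derived node configs.
WEAK_CONF = """\
rpcuser=doge
rpcpassword=doge
rpcbind=0.0.0.0
rpcallowip=0.0.0.0/0
rpcallowip=127.0.0.1
"""

def parse_conf(text):
    """Return {key: [values]}; options such as rpcallowip may repeat."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def bind_is_loopback(value):
    # rpcbind takes addr[:port]; an IPv6 address with a port is bracketed.
    if value.startswith("["):
        host = value[1:].split("]", 1)[0]
    else:
        host = value.split(":", 1)[0] if value.count(":") == 1 else value
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit_rpc(text, min_password_len=20):
    """Return (code, detail) findings for RPC exposure and weak credentials."""
    opts, findings = parse_conf(text), []
    for value in opts.get("rpcbind", []):
        if not bind_is_loopback(value):
            findings.append(("RPCBIND_EXPOSED", value))
    for value in opts.get("rpcallowip", []):
        try:
            if not ipaddress.ip_network(value, strict=False).is_loopback:
                findings.append(("RPCALLOWIP_NON_LOOPBACK", value))
        except ValueError:
            findings.append(("RPCALLOWIP_UNPARSED", value))
    user = opts.get("rpcuser", [""])[-1]
    password = opts.get("rpcpassword", [""])[-1]
    if password and (len(password) < min_password_len or password == user):
        findings.append(("WEAK_RPCPASSWORD", "length %d" % len(password)))
    return findings
```

Calling audit_rpc(WEAK_CONF) reports the wildcard bind address, the open allow-list entry and the short password that matches the username; a config limited to loopback with a long random password returns no findings.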
Have a great day.
Peace. CryptoGod-1.