Blockchain security firm Halborn recently released a report that laid out the details of a zero-day vulnerability that affected over 280 networks in the crypto space. The vulnerability was first discovered in March last year, when the firm evaluated Dogecoin’s open-source codebase for issues that could affect the security of the blockchain.
According to Halborn’s report, the firm conducted a broad review involving other networks after identifying the vulnerability in Dogecoin. This revealed similar issues in other networks, including Litecoin and Zcash, among several others. The blockchain security firm has estimated that over $25 billion of digital assets are at risk due to the vulnerability.
“Due to codebase differences between the networks, not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network. On vulnerable networks, a successful exploitation of the relevant vulnerability could lead to denial of service or remote code execution,” Halborn CEO Rob Behnke stated.
The vulnerability, which Halborn has codenamed Rab13s, was found inside the peer-to-peer (p2p) messaging mechanism of the affected networks. It exposes the network to malicious consensus messages, which a bad actor could send in order to control the network by initiating a 51% attack.
Another vulnerability, in the Remote Procedure Call (RPC) services, can allow bad actors to crash the node using RPC requests. However, such an exploit would require valid credentials, which reduces the likelihood of the entire network being at risk. As far as a fix is concerned, Halborn has come up with an exploit kit for Rab13s, which includes a proof of concept with configurable parameters to demonstrate the attacks on different networks.