Last March, Halborn was awarded a contract to examine the Dogecoin codebase for vulnerabilities that could affect the security of the blockchain. As a result of the examination, several critical vulnerabilities were identified, which were subsequently fixed by the Dogecoin team. However, after a broader examination, Halborn determined that similar vulnerabilities affected 280 other networks built on a similar codebase, including Litecoin and Zcash, which put more than $25 billion worth of digital assets at risk.
The most critical vulnerability is related to peer-to-peer (P2P) communications, where attackers can create consistent messages and send them to individual nodes, as well as disable them. According to Halborn, hackers can scan peers using the getaddr message. Successful exploitation of this vulnerability could lead to a denial of service, remote code execution, or a 51% attack. A zero-day vulnerability discovered by Halborn, namely Remote Procedure Call (RPC), was linked to Dogecoin. Subsequently, these vulnerabilities were also found in similar networks, including Litecoin and Zcash.
Considering the seriousness of the discovered problems, Halborn specialists refused to publish in the public domain the technical details of the examination and the details of possible exploits. Earlier, David SCHWED, COO of cybersecurity company Halborn, said that most crypto companies concentrate only on making a profit and pay insufficient attention to security issues.