Chicago-based cybersecurity firm Halborn has identified a critical vulnerability, code-named Rab13s, in the open-source code for several blockchain networks, including Dogecoin, Litecoin, and Zcash. According to the researchers, the vulnerabilities could put over $25 billion worth of digital assets at risk.
Halborn was initially contracted to evaluate the Dogecoin open-source codebase in March 2022. During the assessment, several critical and exploitable vulnerabilities were identified by Halborn and have since been fixed by the Dogecoin team. However, after a broader review, Halborn determined that the same vulnerabilities affected over 280 other networks.
The most critical vulnerability discovered is related to the peer-to-peer (p2p) communications, which could allow attackers to craft malicious consensus messages and send them to individual nodes, causing them to shut down and expose the network to risks like 51% attacks and other severe issues.
Halborn has successfully developed an exploit kit for Rab13s that includes a proof of concept with configurable parameters to demonstrate the attacks on different networks. All the necessary technical information has been shared with the identified stakeholders to help them remediate the bugs and release the necessary patches for the community and miners.
Halborn is not releasing further technical or exploit detail at this time due to the severity of the issues. All affected networks are encouraged to contact Halborn for responsible disclosure.