Tuesday , March 5 2024
Home / Blockchain / Critical Bug Impacting Litecoin, ZCash, Dogecoin and Other Networks Identified: Research

Critical Bug Impacting Litecoin, ZCash, Dogecoin and Other Networks Identified: Research

Summary:
Blockchain security firm, Halborn has detected several critical and exploitable vulnerabilities impacting more than 280 networks, including Litecoin (LTC) and Zcash (ZEC). Code-named “Rab13s,” this vulnerability has put over billion of digital assets at risk. This was first detected in the Dogecoin network a year ago, which was then fixed by the team behind the premier memecoin. 51% Attacks and Other Issues According to the official blog post, Holborn researchers discovered the most critical vulnerability related to peer-to-peer (p2p) communications which, if exploited, can help attackers craft consensus messages and send them to individual nodes and take them offline. Eventually, such a threat could also expose networks to risks such as 51% attacks and other severe

Topics:
Chayanika Deka considers the following as important: ,

This could be interesting, too:

Andrew Throuvalas writes Bloomberg Expert Says Ethereum ETF Approvals Are Overhyped Next To Bitcoin

Wayne Jones writes Friend.tech Investors Grant Users Full Token Control Amid Resurgence Efforts

Wayne Jones writes Here’s the Deadline Date for FTX Creditor Claims

Cristian Lipciuc writes WSJ Parent Company Sued Over Tether, Bitfinex Article

Blockchain security firm, Halborn has detected several critical and exploitable vulnerabilities impacting more than 280 networks, including Litecoin (LTC) and Zcash (ZEC). Code-named “Rab13s,” this vulnerability has put over $25 billion of digital assets at risk.

This was first detected in the Dogecoin network a year ago, which was then fixed by the team behind the premier memecoin.

51% Attacks and Other Issues

According to the official blog post, Holborn researchers discovered the most critical vulnerability related to peer-to-peer (p2p) communications which, if exploited, can help attackers craft consensus messages and send them to individual nodes and take them offline. Eventually, such a threat could also expose networks to risks such as 51% attacks and other severe issues.

“An attacker can crawl the network peers using getaddr message and attack the unpatched nodes.”

The firm identified another zero-day which was uniquely related to Dogecoin, including an RPC (Remote Procedure Call) Remote code execution vulnerability impacting individual miners.

Variants of these zero-days were also discovered in similar blockchain networks, such as Litecoin and Zcash. While not all the bugs are exploitable in nature due to the differences in codebase between the networks, at least one of them could be exploited by attackers on each network.

In the case of vulnerable networks, Halborn said that successful exploitation of the relevant vulnerability could lead to denial of service or remote code execution.

The security platform believes that the simplicity of these Rab13s vulnerabilities increases the possibility of attack.

Upon further investigation, Halborn researchers found a second vulnerability in the RPC services that enabled an attacker to crash the node via RPC requests. But successful exploitation would require valid credentials. This reduces the possibility of the entire network being at risk because some nodes implement the stop command.

A third vulnerability, on the other hand, lets malicious entities execute code in the context of the user running the node through the public interface (RPC). The likelihood of this exploit is also low since even this requires a valid credential to carry out a successful attack.

Bug Exploits

Meanwhile, an exploit kit for Rab13s has been developed that includes a proof of concept with configurable parameters to demonstrate the attacks on various other networks.

Halborn has confirmed sharing all the necessary technical details with the identified stakeholders to help them remediate the bugs, as well as to release the relevant patches for the community and miners.

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *