Yesterday, cybersecurity company Halborn reported on the critical vulnerabilities it had found in the open-source Dogecoin database in March 2022. While Dogecoin has successfully fixed the issues, Halborn has discovered similar problems in over 280 other networks, including popular Zcash and Litecoin. According to Halborn CEO Rob Behnke, these vulnerabilities put over $25 billion worth of cryptocurrencies at risk.
One of the most severe types of attacks on a blockchain, a 51% attack or majority attack, requires the acquisition of more than 50% of the network hashrate, which allows hackers to create conflicting transactions and double-spend assets, reverse already confirmed transactions, and manipulate the network in other ways.
Despite the great control hackers can gain by performing such an attack, there is a common belief that such attacks are unlikely to happen, especially for large networks with a high degree of decentralization. While hackers need great resources to gain adequate hashrate, their attack can potentially devalue the cryptocurrency of the hacked network.
Still, Halborn's cybersecurity experts have found "Rab13s vulnerabilities" that make it easier for malicious actors to conduct a 51% attack. One of them involves per-to-peer (p2p) communications. "With this vulnerability, an attacker can send crafted malicious consensus messages to individual nodes, causing each to shut down and eventually expose the network to risks like 51% attacks and other severe issues," Behnke has explained in the report.
Halborm CEO also claims that many of the networks reviewed by the company were affected by Common Vulnerabilities and Exposures (CVEs) typical for the Bitcoin blockchain. At the same time, some of the issues were quite unique, such as Remote Procedure Call (RPC) detected in Dogecoin, as well as its variations specific to other networks including Zcash and Litecoin. This type of vulnerability can be used to execute remote code or deny services. However, according to Halborn's report, RPC exploits are particularly difficult to execute.
"Successful exploitation requires valid credentials, which reduces the likelihood of the entire network being at risk and since some nodes implement the stop command," experts say.
Halborn has attempted to contact representatives of the networks it reviewed to inform them of the detected zero-day vulnerabilities. The team specifically recommends networks with UTXO-based nodes to ensure that all of their nodes are updated to the latest version (1.14.6).