A critical flaw discovered on Dogecoin: 280 blockchains in danger


Blockchain alert! – Flaws are permanent enemies of cryptocurrencies. Indeed, they can jeopardize entire ecosystems. A recent publication by Halborn presented a critical flaw which could impact hundreds of blockchains.

Alarming vulnerabilities discovered on Dogecoin

Halborn is a company specializing in blockchain security. In March 2022, the company obtained a contract to evaluate the Dogecoin source code. What was supposed to be a simple verification turned into a nightmare.

During its study, Halborn discovered several critical vulnerabilities which could have resulted in hacks. These have since been corrected on Dogecoin. However, upon further investigation, Halborn discovered that the same vulnerabilities were present on no less than 280 different blockchains. This flaw, which impacts networks such as Litecoin or Zcash, puts more than 25 billion in digital assets at risk.

Halborn reveals the results of its research – Source: Twitter

Halborn researchers named this suite of vulnerabilities “Rab13s”.

Rab13s: what are the most critical flaws?

In a post-mortem article, Rob Behnke of Halborn revisits these flaws. Rab13s is made up of the most critical flaws discovered by Halborn's teams during their study of Dogecoin, and then of hundreds of other chains.

Peer-to-peer vulnerability

“The most critical vulnerability discovered is related to peer-to-peer (p2p) communications. Attackers can create consensus messages and send them to individual nodes to take them offline.”

Statement from Halborn

Thus, via this vulnerability, a malicious user is able to explore the various network peers and attack the vulnerable nodes. This could have dramatic repercussions. Concretely, thanks to Rab13s, an attacker would be able to send malicious consensus messages to network nodes to take them offline. Such a massive shutdown of network nodes drastically increases the risk of a 51% attack.

Indeed, the attacker could, for example, rent computing power on NiceHash in parallel with the attack on the nodes of the network. Result: a concentration of more than 51% of the power of the network in the hands of the attacker.

RPC flaws

The second critical flaw targets RPC (Remote Procedure Call) nodes. These nodes act as an interface between the user and the blockchain.

“The second vulnerability in RPC services allowed an attacker to crash the node via RPC requests.”

Statement from Halborn

Fortunately, the success of this attack requires valid credentials. As explained by Halborn, this drastically reduces the likelihood of a network-wide contagion.

Finally, the third vulnerability allows an attacker to execute code in the context of the user operating the RPC node. Like the previous flaw, this requires credentials, which greatly reduces the attack surface.

A kit put in place by Halborn to avoid the worst

Fortunately, Halborn was able to produce a Rab13s kit which makes it possible to test the different attack vectors on a network. Note that this kit was not shared. At the same time, Halborn has shared technical information on the flaws with the affected blockchains in order to help them correct the vulnerabilities.

Fortunately, these flaws have not yet been exploited. Exploitation could have drastically increased the already considerable toll of hacks in 2022. Indeed, 3.8 billion dollars were stolen in the DeFi ecosystem.
