280+ Blockchain Networks and Their $25B at Risk of Imminent Exploits!

Nefture Security | Blockchain Security
Published in Web3 Magazine
Mar 30, 2023

“There shall never be a peaceful week in crypto space!” — some crypto deity must have decreed at some point it seems!

Recently, blockchain security firm Halborn announced the discovery of previously unknown security vulnerabilities, so-called zero-days, that could put over $25 billion of digital assets at risk across more than 280 networks, including Dogecoin, Litecoin and Zcash.

A year earlier, in March 2022, the Dogecoin team had asked Halborn to review their open-source codebase for any vulnerabilities that could affect the blockchain's security.

And by crypto god, they stumbled on a fair share of them, which were subsequently fixed by the Dogecoin team.

But the story does not stop here.

Driven by curiosity and a deep care for the overall safety of the blockchain ecosystem, Halborn decided to check if these vulnerabilities existed in other networks.

After a thorough review, they found that these very same vulnerabilities affected more than 280 other networks, and sounded the alarm on March 13, 2023.

In today's article, we will look at what zero-day threats are, how they can affect blockchains, and then go through the three vulnerabilities, code-named Rab13s by Halborn, that could endanger a significant portion of the crypto ecosystem.

Zero-Day Threat and Blockchains

A zero-day threat is a vulnerability in software or hardware that is unknown to its developer or manufacturer, so no patch or update exists to fix it and defenders have had zero days to prepare. Until a fix ships, the only protections are reducing exposure (for example, not leaving the vulnerable service reachable from the public internet) and detecting exploitation after the fact.

Zero-day threats can apply to blockchains in several ways.

First, they can target the node software itself. A bug in the networking or consensus code can be exploited to crash nodes, to knock the network out of consensus, or, in the worst case, to run attacker-controlled code on the machine hosting the node. The result can be theft of cryptocurrency, a denial of service, or a compromise of the blockchain's integrity.

Second, zero-day threats can target the nodes or users of the blockchain network. Malicious actors may exploit a vulnerability in a node or user’s software to gain control of their device or steal their private keys, which can be used to access their cryptocurrency holdings.

Lastly, zero-day threats can target the smart contracts that run on a blockchain. These contracts are essentially self-executing pieces of code that automatically trigger when certain conditions are met. If a zero-day vulnerability is present in a smart contract, it can be exploited to execute unauthorized transactions or manipulate the contract’s behavior.

Halborn's findings fall into the first category: bugs in the node software itself, found first in Dogecoin and then in Litecoin and the other networks that share its Bitcoin-derived codebase.

The Rab13s Vulnerabilities

Halborn outlined three main zero-day vulnerabilities.

P2P Communication

The most critical of the Rab13s vulnerabilities sits in the peer-to-peer (p2p) messaging layer.

Halborn rated it the most critical of the three because it allows an attacker to "send crafted malicious consensus messages to individual nodes, causing each to shut down and eventually expose the network to risks like 51% attacks and other severe issues."

It is also extremely simple to put into motion. In Halborn's words, an attacker "can crawl the network peers using getaddr message and attack the unpatched nodes."

It really is that simple: getaddr is the ordinary, unauthenticated message with which any peer asks a node for the addresses it knows, so an attacker needs nothing more than a TCP connection to the P2P port to enumerate reachable nodes and send each unpatched one the crafted message. A node that has shut down no longer validates or relays blocks, and if enough of them (miners included) drop out at once, the hash rate left to out-vote shrinks, which is the 51% risk Halborn refers to.
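To make the crawl step concrete, here is an added example written for this article (not Halborn's tooling or any project's code) of the Bitcoin-family P2P message framing that Dogecoin, Litecoin and their forks share: it builds and validates framed messages, performs the version/verack handshake, sends getaddr and parses the addr replies into a peer list. The same unpack_message checks (magic, length cap, checksum) are what a node applies to every inbound message before a handler sees it, which is the layer where a crafted message has to be caught. The magic values, the 4 MB payload cap and protocol version 70015 are assumptions to verify against your node's chainparams; the addr entries used to exercise it are constructed.

```python
import hashlib
import ipaddress
import socket
import struct
import time

# Assumption: mainnet magic bytes from memory; confirm against the node's chainparams before use.
MAGIC = {"bitcoin": bytes.fromhex("f9beb4d9"), "dogecoin": bytes.fromhex("c0c0c0c0")}
MAX_PAYLOAD = 4_000_000   # assumption: inbound size cap, in the spirit of Bitcoin Core's limit
PROTOCOL_VERSION = 70015  # assumption: a protocol version the crawled peers accept

def checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def pack_message(magic, command, payload=b""):
    """Frame a message: magic | command (12 bytes, NUL padded) | length | checksum | payload."""
    cmd = command.encode("ascii")
    if len(cmd) > 12:
        raise ValueError("command too long")
    return magic + cmd.ljust(12, b"\0") + struct.pack("<I", len(payload)) + checksum(payload) + payload

def unpack_message(magic, data):
    """Validate one framed message as a receiving node must before dispatching it."""
    if len(data) < 24 or data[:4] != magic:
        raise ValueError("short header or wrong network magic")
    length = struct.unpack_from("<I", data, 16)[0]
    if length > MAX_PAYLOAD or len(data) < 24 + length:
        raise ValueError("oversized or truncated payload")
    payload = data[24:24 + length]
    if checksum(payload) != data[20:24]:
        raise ValueError("checksum mismatch")
    return data[4:16].rstrip(b"\0").decode("ascii"), payload, data[24 + length:]

def encode_varint(n):
    if n < 0xFD:
        return bytes([n])
    prefix, fmt = (b"\xfd", "<H") if n <= 0xFFFF else (b"\xfe", "<I") if n <= 0xFFFFFFFF else (b"\xff", "<Q")
    return prefix + struct.pack(fmt, n)

def decode_varint(data, off=0):
    first = data[off]
    if first < 0xFD:
        return first, off + 1
    fmt, size = {0xFD: ("<H", 2), 0xFE: ("<I", 4), 0xFF: ("<Q", 8)}[first]
    return struct.unpack_from(fmt, data, off + 1)[0], off + 1 + size

def ip16(ip):
    """16-byte address as carried on the wire; IPv4 travels as IPv4-mapped IPv6."""
    return ipaddress.IPv6Address(ip if ":" in ip else f"::ffff:{ip}").packed

def build_addr(entries):
    """entries: list of (timestamp, services, ip, port), the content of an addr message."""
    out = encode_varint(len(entries))
    for ts, services, ip, port in entries:
        out += struct.pack("<IQ", ts, services) + ip16(ip) + struct.pack(">H", port)
    return out

def parse_addr(payload):
    count, off = decode_varint(payload)
    if count > 1000:  # Bitcoin-family nodes drop addr messages carrying more entries
        raise ValueError("addr count exceeds protocol limit")
    peers = []
    for _ in range(count):
        ts, services = struct.unpack_from("<IQ", payload, off)
        addr = ipaddress.IPv6Address(payload[off + 12:off + 28])
        peers.append((ts, services, str(addr.ipv4_mapped or addr), struct.unpack_from(">H", payload, off + 28)[0]))
        off += 30
    return peers

def build_version(peer_ip, peer_port, user_agent="/p2p-crawl-example:0.1/"):
    addr_recv = struct.pack("<Q", 0) + ip16(peer_ip) + struct.pack(">H", peer_port)
    addr_from = struct.pack("<Q", 0) + ip16("0.0.0.0") + struct.pack(">H", 0)
    ua = user_agent.encode("ascii")
    return (struct.pack("<iQq", PROTOCOL_VERSION, 0, int(time.time())) + addr_recv + addr_from
            + struct.pack("<Q", 0) + encode_varint(len(ua)) + ua + struct.pack("<i?", 0, False))

def crawl_peers(host, port, magic, timeout=10.0):
    """Handshake with one node, send getaddr and return every peer it advertises. Real network I/O."""
    found, buf = [], b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(pack_message(magic, "version", build_version(host, port)))
        deadline = time.time() + timeout
        while time.time() < deadline:
            try:
                chunk = sock.recv(65536)
            except socket.timeout:
                break
            if not chunk:
                break
            buf += chunk
            while len(buf) >= 24 and len(buf) >= 24 + struct.unpack_from("<I", buf, 16)[0]:
                cmd, payload, buf = unpack_message(magic, buf)
                if cmd == "version":
                    sock.sendall(pack_message(magic, "verack"))
                elif cmd == "verack":
                    sock.sendall(pack_message(magic, "getaddr"))
                elif cmd == "addr":
                    found.extend(parse_addr(payload))
    return found
```

crawl_peers("<node-ip>", 22556, MAGIC["dogecoin"]) is the only network-touching call (22556 is assumed to be Dogecoin's default P2P port; check your node); everything else runs offline on constructed input, and only probe nodes you are authorised to test. The addresses a node hands back are what an attacker feeds into the next round of connections, so the reachable set of a network is a few hops of this loop away.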

RPC & Node Crashing

The second vulnerability lies in the node's Remote Procedure Call (RPC) service: a crafted RPC request can make the node shut down.

Exploiting it, however, requires valid RPC credentials, which makes a network-wide attack far less likely. Halborn also notes that some nodes implement the "stop" command, that is, they already let an authenticated RPC user shut them down, so on those nodes this bug gives a credentialed attacker nothing new. The practical exposure is therefore a node whose RPC port is reachable from outside the host and whose credentials are weak, shared or leaked.

RPC & Code Executing

The third vulnerability permits attackers to execute code "in the context of the user running the node through the public interface (RPC)". In other words, an attacker who can talk to the RPC interface gets to run code with the privileges of the operating-system account the node runs as, which is the account that owns the node's wallet and data directory.

Halborn reports that the likelihood of a successful exploit is comparatively low, since, like vulnerability #2, it requires valid RPC credentials.
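Since both RPC bugs only matter to an attacker who already holds RPC credentials, the practical check is whether your node's RPC interface is reachable and how it authenticates. The following is an added example for this article, not Dogecoin Core's or Halborn's code: it audits a dogecoin.conf (the option names are those of Dogecoin Core and Bitcoin Core) for RPC listeners bound or allowed beyond loopback and for plaintext or weak rpcpassword entries, and it generates and verifies rpcauth entries using the same salted HMAC-SHA256 construction as Core's share/rpcauth/rpcauth.py. The sample configuration is constructed, and the 16-character password threshold is this example's own heuristic.

```python
import hashlib
import hmac
import ipaddress
import os

# Constructed sample config (not from any real node) with the settings that leave the
# authenticated RPC interface reachable from the network and easy to log in to.
WEAK_CONF = """
server=1
rpcuser=doge
rpcpassword=doge
rpcbind=0.0.0.0
rpcallowip=0.0.0.0/0
rpcallowip=10.0.0.0/8
"""


def make_rpcauth(user, password, salt=None):
    """Build an rpcauth=<user>:<salt>$<hmac> line with the same salted HMAC-SHA256 construction
    as Core's share/rpcauth/rpcauth.py, so the config never stores the plaintext password."""
    salt = salt or os.urandom(16).hex()
    digest = hmac.new(salt.encode(), password.encode(), hashlib.sha256).hexdigest()
    return f"rpcauth={user}:{salt}${digest}"


def verify_rpcauth(entry, user, password):
    """Check a user/password pair against an rpcauth line, as the node does per request."""
    name, rest = entry.split("=", 1)[1].split(":", 1)
    salt, digest = rest.split("$", 1)
    expected = hmac.new(salt.encode(), password.encode(), hashlib.sha256).hexdigest()
    return name == user and hmac.compare_digest(expected, digest)


def parse_conf(text):
    """key -> list of values; Core accepts repeated keys such as several rpcallowip lines."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def bind_host(value):
    """Host part of an rpcbind value: 'v4', 'v4:port', 'v6' or '[v6]:port'."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.split(":")[0] if value.count(":") == 1 else value


def audit_rpc_config(text):
    """(severity, message) findings for settings that widen who can reach or log in to RPC."""
    opts = parse_conf(text)
    findings = []
    for cidr in opts.get("rpcallowip", []):
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(("LOW", f"rpcallowip={cidr}: unparseable value, check it by hand"))
            continue
        if net.prefixlen == 0:
            findings.append(("HIGH", f"rpcallowip={cidr}: RPC accepts connections from any address"))
        elif not net.is_loopback:
            findings.append(("MEDIUM", f"rpcallowip={cidr}: RPC reachable from outside the host"))
    for bind in opts.get("rpcbind", []):
        try:
            loopback = ipaddress.ip_address(bind_host(bind)).is_loopback
        except ValueError:
            loopback = False  # hostnames are not resolved here; treat as exposed
        if not loopback:
            findings.append(("HIGH", f"rpcbind={bind}: RPC listener bound to a non-loopback interface"))
    user = opts.get("rpcuser", [""])[-1]
    for password in opts.get("rpcpassword", []):
        findings.append(("MEDIUM", "rpcpassword: plaintext credential in the config file, prefer rpcauth"))
        if len(password) < 16 or password == user:  # threshold is this example's own heuristic
            findings.append(("HIGH", "rpcpassword: short or equal to rpcuser, trivially guessable"))
    return findings
```

Run audit_rpc_config over the node's actual config file and treat any HIGH finding as urgent: with the RPC port reachable from the network, the credentials are the only thing standing between an attacker and a node shutdown or code execution on the host. Replacing rpcuser/rpcpassword with the output of make_rpcauth keeps the password out of the file, but it does nothing about a listener that faces the internet, so fix rpcbind and rpcallowip first.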

What Now?

Good news but also bad news!

Halborn underlined in their analysis that "due to codebase differences between the networks not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network," and that "on vulnerable networks, a successful exploitation of the relevant vulnerability could lead to denial of service or remote code execution."

Meaning that action must be taken right now.

For obvious reasons (to avoid handing out a working exploit), Halborn did not release the technical or exploit details, but it did try to contact all the networks concerned.

In their own terms: “A good faith effort has been made to contact the affected networks for a responsible disclosure.”

One can only hope that every network affected by these zero-day vulnerabilities will recognize the gravity of the threat, ship patched releases, and get their node operators to upgrade. Until a patched release is available for your network, the sensible precautions are to keep the RPC port unreachable from the internet and to guard RPC credentials as carefully as wallet keys, since two of the three bugs hinge on them.

About us

Nefture is a WEB3 Cybersecurity Company that keeps your wallet safe with our Metamask Extension. Register for the beta here!

We also allow brands to tap into web3 through 360° support on their blockchain project:

We specialize in blockchain technologies to make your project come to life and cybersecurity to completely secure your web3 journey: from building Smart Contracts, Audits, Minting websites, Dapps, Discord Audits and Securing,… to Security Breaches Investigation and Management!

Start your web3 journey with us: https://agency.nefture.com/
