More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm


Related articles

Greater than 280 blockchain networks are vulnerable to “zero-day” exploits that would put not less than $25 billion price of crypto in danger, in accordance with cybersecurity agency Halborn.

In a March 13 weblog publish, Halborn warned of the vulnerability it dubbed “Rab13s” — including it has already labored with some blockchains, akin to Dogecoin, Litecoin and Zcash, to institute a repair for it.

Halborn stated it was contracted in March 2022 to conduct a safety overview of Dogecoin’s codebase and located “a number of essential and exploitable vulnerabilities.”

It later decided those self same vulnerabilities “affected over 280 different networks” that risked billions of {dollars} price of cryptocurrencies.

Halborn outlined three vulnerabilities, the “most crucial” of which permits an attacker to “ship crafted malicious consensus messages to particular person nodes, inflicting every to close down.”

It added these messages over time may expose the blockchain to a 51% assault the place an attacker controls the vast majority of the community’s mining hash price or staked tokens to make a brand new model of the blockchain or take it offline.

See also  Bridge attacks will still pose major challenge for DeFi in 2023 — Security experts

Different zero-day vulnerabilities it discovered would permit potential attackers to crash blockchain nodes by sending Distant Process Name (RPC) requests — a protocol permitting a program to speak and request providers from one other.

It added the probability of RPC-related exploits was decrease because it requires legitimate credentials to undertake the assault.

“Resulting from codebase variations between the networks not all of the vulnerabilities are exploitable on all of the networks, however not less than one in all them could also be exploitable on every community,” Halborn warned.

Associated: Leap Crypto and ‘counter exploits’ Wormhole hacker for $225M

The agency stated at the moment it’s not releasing additional technical particulars of the exploits as a consequence of their severity and added it made a “good religion effort” to contact all affected events to reveal the potential exploits and supply remediation for the vulnerabilities.

Dogecoin, Zcash and Litecoin have already carried out patches for the found vulnerabilities, however tons of may nonetheless be uncovered, in accordance with Halborn.

Source link

Related Posts

Leave a Reply

Your email address will not be published.