| Getting your Trinity Audio player ready... |
A vulnerability that dates back to last March is still present in over 280 blockchain networks, including Litecoin (NASDAQ: LTC) and Zcash, potentially putting over $25 billion worth of digital assets at risk, a cybersecurity firm has revealed.
🚨 Halborn discovered massive #ZeroDay impacting Dogecoin and 280+ networks including Litecoin and Zcash, putting over $25 Billion of digital assets at risk!
🧵👇…
— Halborn (@HalbornSecurity) March 13, 2023
In a report this week, security researchers from Halborn revealed they first discovered the vulnerability after being contracted to audit Dogecoin’s (NASDAQ: DOGE) open-source codebase in March 2022. The DOGE team has since then fixed the vulnerability, which the Halborn team code-named Rab13s.
“However, after a broader review, Halborn determined that the same vulnerabilities affected over 280 other networks, including Litecoin and Zcash, putting over $25 billion of digital assets at risk,” Rob Behnke, the co-founder and CEO of Halborn says.
Behnke adds that his team found multiple vulnerabilities inside the open-source code for blockchain networks with a similar codebase to DOGE, including Litecoin and Zcash. Successful exploitation of the vulnerability relevant to each network could allow the hackers to launch a denial of service or remote execution attack.
Halborn further pointed out that attackers could shut down individual nodes by exploiting the vulnerability, exposing the networks to a 51% attack.
The company has developed an exploit kit for Rab13s that developers can leverage to demonstrate the attacks on different networks. It also shared all the necessary technical information with the relevant stakeholders to assist them in fixing the vulnerability.
Due to the severity of the issues and the possible ramifications, Halborn says it’s not releasing further technical or exploit detail currently.
The revelation comes at a time when hackers have stolen nearly $200 million from DeFi protocol Euler Finance, the largest hack in 2023. The attackers exploited a vulnerability in the protocol’s code, leveraging a flash loan from Aave to execute a series of transactions that exposed the protocol’s security deficiencies.
Watch: Dr. Craig Wright’s keynote speech on Cloud Security, Overlays & Blockchain
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.
