According to cybersecurity firm Halborn, more than 280 blockchain networks may be vulnerable to “zero-day” exploits, which could put at least $25 billion worth of cryptocurrencies at risk. Halborn warned of the vulnerability, which it named “Rab13s,” in a blog post on March 13, stating that it had already collaborated with Dogecoin, Litecoin, and Zcash to implement a fix for it. Halborn was hired in March 2022 to conduct a security audit of Dogecoin’s codebase and found several vulnerabilities that it classified as critical and exploitable.
Halborn identified three vulnerabilities, the most critical of which could allow an attacker to send malicious consensus messages to individual nodes, causing each to shut down, leading to a 51% attack or a shutdown of the blockchain. Halborn found two other zero-day vulnerabilities that could allow attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests. Halborn cautioned that while the vulnerabilities might not be exploitable on all networks, at least one of them may be exploitable on each network due to differences in the codebase.
While Dogecoin, Zcash, and Litecoin have already patched the vulnerabilities, hundreds of other networks may still be at risk, according to Halborn. It stated that it had contacted all potentially affected parties to disclose the potential exploits and provide remediation for the vulnerabilities. Halborn did not release further technical details about the exploits at this time due to their severity.