On March 14, blockchain security company Halborn published a statement saying that in March 2022 it was hired to evaluate whether the Dogecoin open source code base contained any vulnerabilities that could affect blockchain security. During this evaluation, Halborn discovered several serious and exploitable vulnerabilities, which the Dogecoin team has since fixed. However, after a more extensive review, Halborn determined that the same vulnerabilities affected more than 280 other networks, including Litecoin and Zcash, putting more than $25 billion in digital assets at risk. Halborn codenamed the vulnerabilities Rab13s.

The Rab13s vulnerabilities were discovered in the p2p messaging mechanism of the affected networks, and their simplicity increases the likelihood of attacks. Exploiting the p2p vulnerability, an attacker could send crafted malicious consensus messages to individual nodes, causing each node to shut down and ultimately putting the network at risk of 51% attacks and other serious issues. The second vulnerability, in the RPC service, allows an attacker to crash a node through an RPC request. However, successful exploitation requires valid credentials, which reduces the likelihood that the entire network is at risk, as some nodes execute the stop command. The third vulnerability allows an attacker to execute code through RPC in the context of the user running the node. The likelihood of this exploit is also lower, because the attack requires valid credentials.

Halborn said it has developed an exploit kit for Rab13s, including a proof of concept with configurable parameters to demonstrate attacks on different networks. All necessary technical information has been shared with identified stakeholders to help them fix the bugs and release necessary patches for the community and miners. For projects using UTXO-based nodes (such as Dogecoin), it is recommended to upgrade all nodes to the latest version (1.14.6). Due to the severity of the problem, Halborn will not release more technical or exploit details at this time.