At least 280 blockchains currently contain security bugs that expose multiple vulnerabilities on their networks and could give attackers points of access, according to a security firm. Litecoin and Zcash are among the affected blockchains, which support various kinds of DeFi protocols and other types of Web3 platforms for the metaverse, gaming or asset trading. A total of $25 billion (roughly Rs. 2,06,300 crore) is at risk while these blockchains remain unpatched. The findings have been shared by Halborn, a blockchain security firm.
Halborn says it first discovered this security bug last year in the open-source codebase for Dogecoin’s own dedicated blockchain. The security platform has dubbed the vulnerability ‘Rab13s’. “The most critical vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages and send it to individual nodes and taking them offline. An attacker can crawl the network peers and attack the unpatched nodes,” Rob Behnke, the CEO of Halborn, states in the post.
4/ Another zero-day identified by Halborn was uniquely related to #Dogecoin, including an RPC vulnerability impacting individual miners.
Subsequently, variants of these 0-days were also discovered in similar blockchain networks potentially leading to DoS or RCE attacks.
— Halborn (@HalbornSecurity) March 13, 2023
Detailing the technical red flags that can help developers identify if the Rab13s has impacted their blockchains, the security firm says it has found a way to neutralise the bug. “Halborn successfully developed an exploit kit for Rab13s. All the necessary technical information has been shared with the identified stakeholders to help them remediate the bugs, and to release the necessary patches for the community and miners,” Behnke added.
The security firm has warned that this glitch is ‘severe’ and could have catastrophic consequences if not tackled in a timely fashion.
Each blockchain hosts a wide range of DeFi applications that are used by thousands of people to invest, trade their assets, or run similar services. The Ethereum blockchain alone supports nearly 3,000 decentralised apps, making it the most commercialised blockchain.
Vulnerabilities in blockchain networks could risk functional failures of all protocols reliant on them, leaving billions of dollars at risk. “On vulnerable networks, a successful exploitation of the relevant bug could lead to denial of service or remote code execution,” Behnke notes.
Interestingly, Halborn’s warning post for blockchains comes just a day after Euler Finance lost millions in an exploit. The DeFi lending protocol is estimated to have lost somewhere between $177 million (roughly Rs. 1,455 crore) and $195 million (roughly Rs. 1,600 crore). Exact details of the exploit are yet to be revealed by Euler.
Hackers managed to steal as much as $3.8 billion (nearly Rs. 31,100 crore) from the crypto-dominated DeFi sector last year, according to a recent report by Chainalysis.