Halborn detects zero-day hacks affecting over 280 crypto networks

Crypto network vulnerabilities remain rampant in 2023 after a disastrous 2022. In the latest example, a security research team revealed major risks in Dogecoin, Litecoin and Zcash, with warnings of additional risks.

Cryptocurrencies use an open-source codebase designed to allow anyone to inspect, modify, and distribute the software’s source code. This openness fosters transparency, accountability, and innovation, helping the crypto community to continually develop and improve blockchain technology.

However, this also means that the code is vulnerable to exploitation by malicious actors who can identify and exploit its vulnerabilities.

How can bad actors enter the network

Here are some of the ways in which open-source codebases may contain vulnerabilities that could affect the security of blockchains.

  1. Coding Errors: Even the most experienced developers can make coding errors that can leave the code open to exploitation. For example, a developer could create a vulnerability by failing to perform proper input validation, making it possible for an attacker to inject malicious code into the system. Similarly, an error in memory allocation or data management can lead to data corruption or leakage.
  2. Lack of code review: Open-source codebases rely on peer reviews to identify and fix problems in the code. However, if the codebase lacks a rigorous review process, it can lead to security gaps that attackers can exploit. Additionally, inexperienced developers who make changes without fully understanding the implications of their modifications may introduce new vulnerabilities.
  3. Forked Code: Forking is a process in which developers change an existing codebase to create a new project. Although forking is expected in the open-source community, it can introduce vulnerabilities if developers fail to incorporate security updates or make unapproved changes. If a forked project becomes popular, attackers may target it because of its potential vulnerabilities.
  4. Software Dependencies: Many open-source projects rely on third-party libraries and frameworks to work correctly. While these dependencies can save time and effort, they can also introduce vulnerabilities if they are buggy or out of date. Attackers can exploit these vulnerabilities to access sensitive data or compromise the integrity of the blockchain.
  5. Social Engineering: Even if the codebase is technically sound, attackers can still exploit human weaknesses to gain access to the system. For example, they can use phishing attacks to obtain login credentials or to get developers to introduce malicious code into the system.

Crypto Platforms See Rise in Illegal Activities

Finally, the open-source nature of crypto coins’ codebases provides significant benefits such as transparency and innovation. However, it also introduces potential vulnerabilities that attackers can take advantage of. Therefore, developers must constantly review and improve the code to ensure its security and maintain the integrity of the blockchain.

Bad actors involved in cryptocurrency hacks stole $3.80 billion last year. Illegal activities in 2022 were up 15% from 2021 figures ($3.30 billion) and dramatically exceeded the $0.50 billion stolen in 2020.

Crypto Hacks from 2016 to 2022. Source: Chainalysis

According to a finding by cyber security firm Halborn, 2023 could be even more disastrous. Vulnerabilities were discovered in over 280 major blockchains. These included Dogecoin, Litecoin and Zcash. In total, approximately $25 billion in assets were put at risk.

Highlighting major flaws

Halborn researchers evaluated DOGE’s open-source code base to test for unknown exploits, or “zero-day vulnerabilities,” in its code that could target blockchain miners’ funds.

Zero Day Vulnerability. Source: Panda Security

The researchers identified two critical vulnerabilities, codenamed Rab13s. Dogecoin developers later fixed the errors after being alerted by the security firm.

Serious consequences of malicious incidents

The discovery raised further concern because variants of these zero-days were also found in similar blockchain networks, including Litecoin and Zcash. Failing to notice the flaw can have serious consequences.

First, in the P2P messaging mechanism, malicious consensus messages can be sent to each node, causing it to shut down and exposing the network to serious risks such as 51% attacks. Second, attackers can execute code through the public interface (RPC) as a normal node user. The probability of this exploit is low because a valid credential is required to carry out the attack.

Therefore, to prevent further damage, the security firm’s team recommended upgrading all UTXO-based nodes (e.g., Dogecoin) to the latest version (1.14.6).
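An operator can turn this advice into a repeatable check. The sketch below is an added example, not code from Halborn or the Dogecoin project: it flags a Dogecoin node whose reported version predates 1.14.6 and whose RPC interface is reachable beyond loopback. It assumes the `subversion` user-agent string returned by the `getnetworkinfo` RPC and the Bitcoin Core-derived options `rpcbind`, `rpcallowip`, `rpcpassword` and `rpcauth`; the sample input is constructed.

```python
import ipaddress
import re
# Assumed: 'subversion' user-agent format and Bitcoin Core-style option names.
PATCHED = (1, 14, 6)  # Dogecoin release the article says to upgrade to

def parse_version(subversion):
    """Return (major, minor, patch) from a user agent like '/Shibetoshi:1.14.5/'."""
    m = re.search(r":(\d+)\.(\d+)\.(\d+)", subversion)
    return tuple(int(x) for x in m.groups()) if m else None

def parse_conf(text):
    """Parse key=value lines; options may repeat, so values are kept in lists."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            opts.setdefault(key, []).append(value)
    return opts

def is_loopback(value):
    """True only if an address or CIDR range lies entirely on loopback."""
    host = re.sub(r"^\[(.*)\](:\d+)?$", r"\1", value)  # [::1]:port -> ::1
    if host.count(":") == 1:                            # 127.0.0.1:port
        host = host.split(":")[0]
    try:
        return ipaddress.ip_network(host, strict=False).is_loopback
    except ValueError:
        return host == "localhost"

def audit_node(networkinfo, conf_text):
    """Return a list of findings for one node (empty list means nothing flagged)."""
    findings = []
    version = parse_version(networkinfo.get("subversion", ""))
    if version is None:
        findings.append("version: unparseable subversion")
    elif version < PATCHED:  # tuple comparison, so 1.14.10 sorts after 1.14.6
        findings.append("version: %d.%d.%d predates 1.14.6" % version)
    opts = parse_conf(conf_text)
    for key in ("rpcbind", "rpcallowip"):
        for value in opts.get(key, []):
            if not is_loopback(value):
                findings.append("%s: %s exposes RPC beyond loopback" % (key, value))
    if "rpcpassword" in opts and "rpcauth" not in opts:
        findings.append("rpcpassword: plaintext credential in config")
    return findings

# Constructed sample input, not taken from any real node.
SAMPLE_INFO = {"subversion": "/Shibetoshi:1.14.5/"}
SAMPLE_CONF = "rpcuser=ops\nrpcpassword=changeme\nrpcbind=0.0.0.0\nrpcallowip=10.0.0.0/8\n"
```

Calling `audit_node(SAMPLE_INFO, SAMPLE_CONF)` returns four findings: the outdated version, the two RPC exposure settings, and the plaintext credential.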

In a follow-up conversation by email, the security firm answered some of BeInCrypto’s questions. When asked how Zcash, Litecoin and Dogecoin fixed the vulnerabilities, the team replied:

Screenshot shared by the Halborn team

Such events can have ramifications for the wider crypto ecosystem. Steve Walbroehl, Chief Security Officer and co-founder of Halborn, said:

“The longer the issue exists on the public mainnet, the more likely it is to be discovered and exploited by hackers with malicious intent. Since we had already completed work with Dogecoin, we have The largest stakeholder had already identified a solution and it could be given as an example to all other chains. It was a respectful call to action for a positive outcome, with individual projects building on each other. working to solve a common threat to help

BeInCrypto reached out to the core developers of Dogecoin and Zcash for comments on this topic. However, no response has been received so far.

