In early 2022, Halborn was hired to analyze the Dogecoin open source codebase for potential security threats(Rab13s). Unfortunately, the evaluation uncovered several critical vulnerabilities that could have been exploited by attackers to compromise the blockchain’s security.
The Dogecoin team was notified and quickly fixed the issues. However, Halborn’s investigation later revealed that the same vulnerabilities also impacted more than 280 other networks, including popular cryptocurrencies like Litecoin and Zcash.
This discovery exposed over $25 billion worth of digital assets to potential attacks. Halborn has named this vulnerability “Rab13s”.
Background and exploitability of Blockchain
In early 2022, a team of researchers at Halborn led by Senior Offensive Security Engineer Hossam Mohamed conducted an evaluation of the open-source codebase for several blockchain networks including Dogecoin, Litecoin, and others with similar codebase. The assessment uncovered multiple vulnerabilities, including a critical one related to the peer-to-peer (p2p) communications that could enable attackers to send consensus messages to individual nodes and take them offline.
Attackers can exploit the vulnerability by crawling the network peers using getaddr messages and targeting the unpatched nodes. In addition, Halborn identified a zero-day vulnerability that was unique to Dogecoin, an RPC (Remote Procedure Call) Remote code execution vulnerability that impacts individual miners.
While some of the other issues identified were known CVEs from Bitcoin, variants of these zero-days were discovered in similar blockchain networks, such as Litecoin and Zcash. Although not all the vulnerabilities are exploitable on all networks due to differences in the codebase, at least one of them could be exploited on each vulnerable network. Successful exploitation of the relevant vulnerability on vulnerable networks could result in denial of service or remote code execution.
Dogecoin Evaluation and Risks
The evaluation of the Dogecoin open source codebase for potential vulnerabilities, Halborn discovered Rab13s – a critical vulnerability that affects the peer-to-peer (p2p) messaging mechanisms in several networks, including Litecoin and Zcash. This vulnerability allows attackers to send crafted malicious consensus messages to individual nodes, leading them to shut down and eventually exposing the network to significant risks such as 51% attacks.
In addition to the Rab13s vulnerability, Halborn found two other vulnerabilities that could affect the security of the blockchain. The second vulnerability pertains to the RPC (Remote Procedure Call) services, which enables an attacker to crash the node via RPC requests. Although successful exploitation requires valid credentials, it still poses a potential risk to the network. The third vulnerability allows attackers to execute code in the context of the user running the node via the public interface (RPC). While this exploit requires a valid credential, it still poses a lower likelihood of risk to the network.
It’s important to note that these vulnerabilities impact over 280 networks with similar codebase, and the risk of exploitation varies depending on the network. However, on vulnerable networks, exploitation of these vulnerabilities could lead to severe issues such as denial of service or remote code execution.
The discovery of these vulnerabilities underscores the importance of regular evaluations of blockchain networks for potential vulnerabilities, particularly as digital assets continue to grow in value and importance.
Remediation for Dogecoin
Halborn was able to create an exploit kit for Rab13s, which includes a proof of concept that can be configured to show the vulnerability on various networks. All technical information was shared with relevant stakeholders to help address the issue and develop patches for the community and miners, without sharing the exploit-kit code with any third parties.
For projects using a UTXO-based node like Dogecoin, Halborn recommends upgrading all nodes to the latest version, 1.14.6. Due to the seriousness of the issue, Halborn has decided not to disclose further technical or exploit details at this time.
Innovative and Enjoyable Crypto Readings: Explore the Fun Side of Cryptocurrency :
- Aurora Engine Vulnerability Foiled by Hacker, Earns $6 Million Prize
- Mango Markets $100 Million Exploiter Reveals Identity
- Sony Music Flies for Trademark Application for NFT while LimeWire and Universal Music Group(UMG) Partner for NFT Licensing Platform – Revolutionizing the Music Industry
- United Nations plans blockchain adaption for climate change
- Barclays seeks to patent blockchain stablecoin and KYC solutions
- Walmart joins MediLedger, a blockchain pharma supply chain project to combat counterfeit drugs
- Why is Dubai an Attractive Crypto Oasis?