Halborn, a cybersecurity company, discovered a flaw that exposed more than 280 blockchains to a so-called 51% attack. We take stock of this flaw, against which many players have already taken action.
https://cryptoast.fr/halborn-decouvre-faille-exponent-280-blockchains-attack-51/
A vulnerability exposing many blockchains to a 51% attack
As part of a security audit originally conducted in March 2022 on the open source code of Dogecoin (DOGE), Halborn discovered several vulnerabilities shared with other networks. After extensive research, it determined that more than 280 blockchains were affected, and that exploiting one of the most critical of these flaws could theoretically facilitate a 51% attack.
A successful attack of this kind would give the attacker control of the targeted network. This flaw, dubbed RAB13, would make it possible to send malicious messages to the nodes of a network, which would stop them. With those nodes stopped, it would become easier to control 51% of the network, as Halborn explains in a Twitter thread:
7/ 👉 Secondly, attackers can execute code through the public interface (RPC) as a normal node user. Since a valid credential is required to carry out the attack, the likelihood of this exploit is lower.
— Halborn (@HalbornSecurity) March 13, 2023
An update to fix the problem
After this discovery, Halborn’s teams attempted to contact the various entities behind each affected blockchain. In total, $25 billion in capitalization was considered “at risk”, including networks such as Litecoin (LTC) and Zcash (ZEC). Both of these have already announced that they have done what is necessary.
This issue only affects blockchains whose consensus uses a proof-of-work (PoW) model. Specifically, Halborn indicates that it applies to “UTXO-based nodes” and that the latest software update should be installed to close the flaws.
Having never previously been discovered or exploited, all of the vulnerabilities in question qualify as “zero-day” flaws:
“Subsequently, variants of these zero-days were also discovered in similar blockchain networks, including Litecoin and Zcash. […] On vulnerable networks, successful exploitation of the affected vulnerability could lead to denial of service (DDoS) or remote code execution.”
Initially, these findings did not lead to any serious consequences. In any case, all parties relying on this common code base are urged to apply the necessary updates, and to contact Halborn's teams if necessary.
Source: Halborn
Vincent Mayor