{"id":563386,"date":"2023-03-14T08:30:13","date_gmt":"2023-03-14T05:30:13","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm\/"},"modified":"2023-03-14T08:30:13","modified_gmt":"2023-03-14T05:30:13","slug":"more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm\/","title":{"rendered":"# More than 280 blockchains at risk of \u2018zero-day\u2019 exploits, warns security firm"},"content":{"rendered":"<h1>More than 280 blockchains at risk of \u2018zero-day\u2019 exploits, warns security firm<\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjMtMDMvZWNlZmRlZWItYjA1NC00Mjg3LTg2MDQtYWNiZmRmMDdkMGM3LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-48054ca8><p>280 or more blockchain networks are estimated to be at risk of \u201czero-day\u201d exploits that could put at least $25 billion worth of crypto at risk, according to cybersecurity firm Halborn.<\/p>\n<p>In a Mar. 
13 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.halborn.com\/blog\/post\/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks\">blog<\/a>, Halborn warned of the vulnerability it dubbed \u201cRab13s\u201d \u2014 adding it has already worked with some blockchains, such as Dogecoin, Litecoin and Zcash, to institute a fix for it.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"> Halborn discovered massive <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/ZeroDay?src=hash&amp;ref_src=twsrc%5Etfw\">#ZeroDay<\/a> impacting Dogecoin and 280+ networks including Litecoin and Zcash, putting over $25 Billion of digital assets at risk!<\/p>\n<p>&#8230;<\/p>\n<p>\u2014 Halborn (@HalbornSecurity) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/HalbornSecurity\/status\/1635262272837746688?ref_src=twsrc%5Etfw\">March 13, 2023<\/a><\/p><\/blockquote>\n<p>Halborn was contracted by Dogecoin in March 2022 to conduct a security review of its codebase and found \u201cseveral critical and exploitable vulnerabilities.\u201d<\/p>\n<p>It later determined those same vulnerabilities \u201caffected over 280 other networks\u201d that risked billions of dollars worth of cryptocurrencies.<\/p>\n<p>Halborn outlined three vulnerabilities, the \u201cmost critical\u201d of which allows an attacker to \u201csend crafted malicious consensus messages to individual nodes, causing each to shut down.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">3\/ The most critical vulnerability discovered is related to peer-to-peer (p2p) communications where attackers can craft consensus messages and send it to individual nodes, taking them offline.<\/p>\n<p>Halborn researchers, led by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/safe_buffer?ref_src=twsrc%5Etfw\">@safe_buffer<\/a>, have code-named this vulnerability <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/Rab13s?src=hash&amp;ref_src=twsrc%5Etfw\">#Rab13s<\/a>.<\/p>\n<p>\u2014 Halborn (@HalbornSecurity) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/HalbornSecurity\/status\/1635262284703342593?ref_src=twsrc%5Etfw\">March 13, 2023<\/a><\/p><\/blockquote>\n<p>It added that these messages could, over time, expose the blockchain to a 51% attack, in which an attacker controls the majority of the network\u2019s mining hash rate or staked tokens and can make a new version of the blockchain or take it offline.<\/p>\n<p>Other zero-day vulnerabilities it found would allow potential attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests \u2014 a protocol allowing a program to communicate and request services from another.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">7\/ Secondly, attackers can execute code through the public interface (RPC) as a normal node user. 
Since a valid credential is required to carry out the attack, the likelihood of this exploit is lower.<\/p>\n<p>\u2014 Halborn (@HalbornSecurity) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/HalbornSecurity\/status\/1635262288650440704?ref_src=twsrc%5Etfw\">March 13, 2023<\/a><\/p><\/blockquote>\n<p>It added that the likelihood of RPC-related exploits was lower because the attack requires valid credentials.<\/p>\n<p>\u201cDue to codebase differences between the networks not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network,\u201d Halborn warned.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Jump Crypto and Oasis.app \u2018counter exploits\u2019 Wormhole hacker for $225M<\/em><\/strong><\/p>\n<p>The firm said it is not releasing further technical details of the exploits at this time due to their severity, and added that it made a \u201cgood faith effort\u201d to contact all affected parties to disclose the potential exploits and provide remediation for the vulnerabilities.<\/p>\n<p>Dogecoin, Zcash and Litecoin have already implemented patches for the discovered vulnerabilities, but hundreds could still be exposed, according to Halborn.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; More than 280 blockchains at risk of \u2018zero-day\u2019 exploits, warns security firm &#8220; 280 or more blockchain networks are estimated to be at risk of \u201czero-day\u201d exploits that could put at least $25 billion worth of crypto at risk, according to cybersecurity firm Halborn. In a Mar. 
13 blog, Halborn warned of the vulnerability&#8230;<\/p>\n","protected":false},"author":1,"featured_media":563387,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2023-03\/ecefdeeb-b054-4287-8604-acbfdf07d0c7.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74882,70375,72287],"class_list":["post-563386","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-hacks","tag-cybersecurity","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/563386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=563386"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/563386\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/563387"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=563386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=563386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=563386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}