Editor's note: This story has been updated to reflect the correction of a vulnerability in Dogecoin code.
An evaluation of the Dogecoin DOGE/USD open-source codebase for potential vulnerabilities that could compromise the security of the blockchain network uncovered numerous critical and exploitable vulnerabilities that were code-named "Rab13s" and have since been corrected.
An investigation by cybersecurity firm Halborn found that these vulnerabilities extended to over 280 additional networks, including Litecoin LTC/USD and Zcash ZEC/USD, thereby placing more than $25 billion worth of digital assets in jeopardy.
Dogecoin Core developer Patrick Lodder said the vulnerabilities were discovered by Halborn, which privately informed Dogecoin maintainers. Dogecoin's maintainers took swift action and resolved the issues in the code that was released with version 1.14.6.
The bug fixes were incorporated into the network code hardening effort that was already underway, he said.
"Today, with over 50% of the network having upgraded, the risk to the network as a whole is believed to be mitigated, but individual nodes that have not yet upgraded can still be vulnerable and all node operators are recommended to upgrade at their earliest convenience," Lodder said on a Dogecoin development board.
Significant Vulnerabilities In Peer-to-Peer Communications Uncovered
Researchers discovered multiple vulnerabilities within the open-source code for blockchain networks such as Dogecoin, Litecoin and other networks with comparable codebases.
The most critical vulnerability pertained to peer-to-peer (P2P) communications, in which attackers can craft malicious consensus messages and transmit them to individual nodes, subsequently causing these nodes to go offline.
Potential Risks And Consequences
The simplicity of the Rab13s vulnerabilities heightens the likelihood of an attack.
If successfully exploited, these vulnerabilities could have resulted in a denial of service or remote code execution, thereby exposing the network to substantial risks, such as 51% attacks and other severe complications.
Addressing And Mitigating Vulnerabilities
In the interest of responsible disclosure, Halborn said it made a concerted effort to contact the networks affected by these vulnerabilities.
In its report, the cybersecurity firm advised projects using a UTXO-based node to upgrade all nodes to the most recent version (1.14.6).
Speaking with Benzinga, Halborn's COO David Schwed said the swift response by Halborn and the affected blockchain projects demonstrates the importance of collaboration in the Web3 ecosystem.
"By working together to mitigate risks, the community can ensure a more secure and resilient future for digital assets," he added.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.