Security Firm Warns Of Zero-Day Exploits On Over 280 Blockchains

Security firm Halborn has identified multiple vulnerabilities in the open-source code for over 280 blockchain networks, including Dogecoin, Litecoin, and Zcash. The most critical vulnerability discovered by Halborn relates to peer-to-peer communications, where attackers can craft consensus messages and send them to individual nodes, taking them offline. This puts over $25 billion worth of digital assets at risk.

Halborn named this vulnerability Rab13s and developed an exploit kit that includes a proof of concept with configurable parameters to demonstrate the attacks on different networks. Halborn shared all necessary technical information with the identified stakeholders to help them remediate the bugs and release the necessary patches for the community and miners.

While some of the issues were known CVEs from Bitcoin, another zero-day vulnerability was uniquely related to Dogecoin, including an RPC remote code execution vulnerability impacting individual miners.

Variants of these zero-days were also found in similar blockchain networks, including Litecoin and Zcash. Due to codebase differences between the networks, not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network.

Halborn’s senior offensive security engineer, Hossam Mohamed, led the researchers who found the vulnerabilities. They discovered the Rab13s vulnerabilities inside the p2p messaging mechanisms in affected networks, which increase the likelihood of attack due to their simplicity.

Successful exploitation of the relevant vulnerability could lead to denial of service or remote code execution. Projects using a UTXO-based node, such as Dogecoin, are recommended to upgrade all nodes to the latest version (1.14.6).

Due to the severity of the issues, Halborn says it is not releasing further technical or exploit detail at this time. The vulnerabilities put many blockchain networks at risk, and it is essential that the necessary remediations are made to prevent any potential attacks.
