Almost 300 cryptocurrency blockchains are under threat of hacker attack

Halborn cybersecurity experts note that about 300 blockchain networks are at risk of zero-day exploits. Potential hacker attacks jeopardize cryptocurrencies worth at least $ 25 billion. The analysts said that they cooperated with the developers of the Dogecoin, Litecoin, and Zcash blockchains, who worked on the bugs after identifying critical faults.

In March 2022, Dogecoin hired Halborn to conduct a comprehensive security check of the source code. At that time, the experts found «several critical and exploitable vulnerabilities». Later, it was found that the same bugs were common to more than 280 other networks, which put the digital assets of millions of users at risk.

Halborn employees identified 3 key blockchain vulnerabilities. the «most critical» of them allows fraudsters to «send specially crafted malicious messages to individual nodes, causing each of them to shut down.» Experts explained that the messages can eventually expose the chain to a «51% attack «- when a hacker controls most of the network or tokens in the staking to create a new version of the blockchain.

Other zero-day vulnerabilities allow potential hackers to compromise blockchain nodes by sending remote procedure call (RPC) requests. This is a protocol that allows one program to exchange data and request services from another.

Halborn noted that the probability of RPC-related exploits is the lowest. Experts emphasized that due to differences in the code base of blockchains, not all vulnerabilities can be exploited in each of them. However, at least one of the vulnerabilities can be used in any blockchain.

As a reminder, cybersecurity experts from the IT company Unciphered have revealed a scheme to hack a cryptocurrency wallet in one second. It turned out that the OneKey hardware crypto wallet does not encrypt data transmitted from the encrypted part to the central processor. By tampering with the wallet at the hardware level, the analysts were able to deceive the device, forcing it to return to factory settings. As a result of this «reset,» the experts were able to intercept the wallet’s passphrase in a second, which allows the attacker to transfer cryptocurrency to any address without any problems.