Over 280 Crypto Networks, Including Dogecoin, at Risk Due to Catastrophic Flaws
Several critical vulnerabilities were discovered in the open-source code of the blockchain networks Dogecoin, Litecoin, and Zcash through an evaluation of the Dogecoin Core codebase. Of the vulnerabilities found, the most significant one related to peer-to-peer communication: attackers could create malicious consensus messages, send them to individual nodes, and cause those nodes to go offline, exposing them to a denial-of-service risk or remote code execution.

Cybersecurity firm Halborn, which uncovered the bugs and privately informed Dogecoin maintainers, advised projects using a UTXO-based node to upgrade all nodes to the most recent version, 1.14.6, noting the importance of collaboration in the Web3 ecosystem. The full upgrades suggested for Litecoin were version 0.18.1 (CVE-2021-3520) and version 0.18.2 (CVE-2021-3966); version 4.3.2 was advised for Zcash. The maintenance teams of both Litecoin and Zcash have followed best practice and each assigned a CVE number to the vulnerabilities discovered in their code. Litecoin assigned the CVE numbers CVE-2021-3520 and CVE-2021-3918, while Zcash assigned the number VU#928933.

The cybersecurity firm, which found the Rab13s code defects, informed over 280 networks; the defects could have caused system breakdowns that jeopardized over $25 billion worth of digital assets. Lodder, a Dogecoin Core developer, stated that swift action was taken and that the issues in the code were resolved upon release of version 1.14.6. While over 50% of the network has upgraded, there is still a risk to individual nodes that have not upgraded.