
A zero-day threat refers to a vulnerability or weakness in software or hardware that is unknown to the developer or manufacturer, so no patch or update exists to fix it. This makes it difficult for organizations to protect themselves against attacks that exploit it.
Zero-day threats can apply to blockchains in several ways.
First, they can target the blockchain software itself, exploiting a vulnerability in the code to gain access to sensitive information or alter the blockchain’s data. This can result in significant damage to the blockchain, such as the theft of cryptocurrency or a compromise of the blockchain’s integrity.
Second, zero-day threats can target the nodes or users of the blockchain network. Malicious actors may exploit a vulnerability in a node or user’s software to gain control of their device or steal their private keys, which can be used to access their cryptocurrency holdings.
Lastly, zero-day threats can target the smart contracts that run on a blockchain. These contracts are essentially self-executing pieces of code that automatically trigger when certain conditions are met. If a zero-day vulnerability is present in a smart contract, it can be exploited to execute unauthorized transactions or manipulate the contract’s behavior.
Halborn researchers discovered several of these zero-day threats within the open-source code of various blockchain networks, such as Dogecoin, Litecoin, and other networks with comparable codebases.
Halborn outlined three main zero-day vulnerabilities.
P2P Communication
Rab13s vulnerabilities were found inside the peer-to-peer (p2p) messaging mechanisms.
They were rated the “most critical” because not only can they allow an attacker to “send crafted malicious consensus messages to individual nodes, causing each to shut down and eventually expose the network to risks like 51% attacks and other severe issues,” but they are also extremely simple to put into motion.
According to Halborn, an attacker “can crawl the network peers using getaddr message and attack the unpatched nodes.”
It’s as simple as that.
RPC & Node Crashing
The second vulnerability detected by Halborn was in the node’s Remote Procedure Call (RPC) services, which let a potential attacker force a node shutdown by making RPC requests.
It should be noted, however, that the effective exploitation of this vulnerability necessitates valid credentials, thereby diminishing the probability of a threat to the entire network. Furthermore, given that certain nodes execute the “stop” command, such nodes may not be impacted by this vulnerability.
RPC & Code Executing
The third vulnerability observed in the node permits attackers to execute code “in the context of the user running the node through the public interface (RPC)”. In other words, by exploiting this vulnerability, attackers can execute code as a regular node user through the RPC public interface.
However, Halborn reports that the likelihood of a successful exploit of this vulnerability is comparatively low, since, as with the second vulnerability, it requires valid credentials.
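Because both RPC issues hinge on an attacker holding valid credentials, the practical mitigation is to keep the RPC interface off the public internet and out of reach of guessable cleartext passwords. The following auditor is an added example (not Halborn’s or the article’s code) that reads a Bitcoin Core-style configuration file, which Dogecoin Core and Litecoin Core are assumed to share (server, rpcbind, rpcallowip, rpcuser/rpcpassword, rpcauth), and flags settings that widen RPC exposure; the sample configuration is constructed.

```python
"""Audit a Bitcoin Core-style node config (dogecoin.conf / litecoin.conf)
for RPC exposure. Added example, not part of the Halborn disclosure."""
from collections import defaultdict

# Constructed sample: a node whose RPC interface is reachable from any host
# and protected only by a cleartext rpcuser/rpcpassword pair.
SAMPLE_CONF = """\
server=1
rpcbind=0.0.0.0
rpcallowip=0.0.0.0/0   # constructed weak setting
rpcuser=dogeuser
rpcpassword=hunter2
"""


def parse_conf(text):
    """Parse key=value lines; repeatable keys (rpcallowip, rpcbind) keep every value."""
    conf = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf[key].append(value)
    return conf


def audit_rpc(conf):
    """Return a list of findings; an empty list means RPC exposure looks contained."""
    findings = []
    if conf.get("server", ["0"])[-1] != "1":
        return findings  # RPC server disabled: nothing is reachable
    any_source = {"0.0.0.0/0", "::/0"}
    if any(b.startswith(("0.0.0.0", "::", "[::]")) for b in conf.get("rpcbind", [])):
        findings.append("rpcbind listens on all interfaces")
    if any(a in any_source for a in conf.get("rpcallowip", [])):
        findings.append("rpcallowip permits any source address")
    if "rpcpassword" in conf and "rpcauth" not in conf:
        findings.append("cleartext rpcpassword instead of salted rpcauth")
    return findings


if __name__ == "__main__":
    for finding in audit_rpc(parse_conf(SAMPLE_CONF)):
        print("WARN:", finding)
```

A hardened file binds RPC to loopback only, lists only the specific rpcallowip addresses that need access, and uses rpcauth so the password is never stored in cleartext.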