Trusted

How Did Dogecoin and Zcash Tackle Source Code Vulnerabilities That Exposed $25B in Crypto?

4 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • Cryptocurrency hacks rose by $3.80 billion last year. Illicit activities in 2022 were 15% up over 2021 ($3.30 billion).
  • Cybersecurity firm Halborn recently discovered multiple critical vulnerabilities affecting over 280 UTXO networks.
  • Halborn worked closely with Dogecoin core developers to disclose each of zero-day findings until all the vulnerabilities were fixed.
  • promo

Crypto network vulnerabilities remain at large in 2023 after a disastrous 2022. In the latest example, a security research team revealed massive risks at Dogecoin, Litecoin, and Zcash, with developers warning of additional risks. 

Cryptocurrencies use an open-source codebase designed to allow anyone to inspect, modify, and distribute the software’s source code. This openness promotes transparency, accountability, and innovation, enabling the crypto community to continually develop and improve blockchain technology.

However, it also means that the code is vulnerable to exploitation by malicious actors who can identify and exploit its weaknesses.

Different Ways Bad Actors Can Penetrate Network

Here are some ways in which open-source codebase can have vulnerabilities that could affect the security of the blockchain.

  1. Coding errors: Even the most experienced developers can make coding errors that could leave the code open to exploitation. For instance, a developer might create a vulnerability by failing to perform proper input validation, making it possible for an attacker to inject malicious code into the system. Similarly, an error in memory allocation or data handling could cause data corruption or leaks.
  2. Lack of code review: Open-source codebases rely on peer reviews to identify and fix issues in the code. However, if the codebase lacks a rigorous review process, it can lead to security gaps that attackers can exploit. Additionally, inexperienced developers who make changes without fully understanding the implications of their modifications can introduce new vulnerabilities.
  3. Forked code: Forking is a process in which developers change an existing codebase to create a new project. Although forking is expected in the open-source community, it can introduce vulnerabilities if the developers fail to incorporate security updates or make improper changes. If a forked project becomes popular, attackers may target it due to its potential vulnerabilities.
  4. Software dependencies: Many open-source projects function correctly using third-party libraries and frameworks. While these dependencies can save time and effort, they can also introduce vulnerabilities if they contain flaws or are outdated. Attackers can exploit these vulnerabilities to access sensitive data or compromise the blockchain’s integrity.
  5. Social engineering: Even if the codebase is technically sound, attackers can still exploit human weaknesses to access the system. For example, they might use phishing attacks to obtain login credentials or trick developers into introducing malicious code into the system.

Crypto Platforms See Rise in Illicit Activities

In conclusion, the open-source nature of crypto coins’ codebase provides significant benefits, such as transparency and innovation. However, it also introduces potential vulnerabilities that attackers can exploit. Therefore, developers must continually review and improve the code to ensure its security and maintain the blockchain’s integrity.

Bad actors involved in cryptocurrency hacks rose by $3.80 billion last year. Illicit activities in 2022 were up 15% on 2021 figures ($3.30 billion) and dramatically up on the $0.50 billion stolen in 2020.

Crypto Hacks from 2016 to 2022 Source: Chainalysis. Dogecoin (DOGE)
Crypto Hacks from 2016 to 2022 Source: Chainalysis

According to a finding from the cybersecurity firm Halborn, 2023 could have been even more disastrous. Vulnerabilities were discovered in over 280 major blockchains. These included Dogecoin, Litecoin, and Zcash. In total, about $25 billion of assets were put at risk.

Highlighting the Main Loophole

Halborn researchers evaluated DOGE’s open-source code base to test for unknown exploits, or “zero-day vulnerabilities,” in its code that could target blockchain miners’ funds. 

Zero Day Vulnerabilities Source: Panda Security
Zero Day Vulnerabilities Source: Panda Security

Researchers identified two critical gaps code-named Rab13s. The Dogecoin developers later solved the errors after being alerted by the security firm. 

Severe Consequences of Malicious Events

Identifying loopholes raised more doubts as variants of these zero-days were also discovered in similar blockchain networks, including Litecoin and Zcash. Keeping the gaps in mind could lead to severe consequences. 

Firstly, concerning the P2P messaging mechanisms, malicious consensus messages can be sent to each node, causing them to shut down and exposing the network to severe risks like 51% attacks. Moving on, attackers can execute code through the public interface (RPC) as a normal node user. The likelihood of an exploit is lower since a valid credential is required to carry out the attack.

Therefore, to prevent further damage, the team at the security firm recommended upgrading all UTXO-based nodes (e.g., Dogecoin) to the latest version (1.14.6).

In a further conversation over the mail, the security firm answered a few questions asked by BeInCrypto. When asked about how Zcash, Litecoin, and Dogecoin fixed the vulnerabilities, the team replied: 

Screenshot shared by the Halborn team 
Screenshot shared by the Halborn team 

Such incidents can have implications for the broader crypto ecosystem. Steve Walbroehl, the chief security officer and co-founder of Halborn, asserted:

“The longer the issues exist on public mainnets, the more likely it is found and exploited by hackers with malicious intentions. Since we had already finished the work with Dogecoin, we had the largest stakeholder already identify a solution and fix that could be given as an example for all the other chains. It was an honorable call to action for a positive outcome with disparate projects working to help each other solve a common threat.” 

BeInCrypto contacted core developers at Dogecoin and Zcash for comments regarding this topic. However, hasn’t received a response yet. 

Top crypto projects in the US | October 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
3Commas 3Commas Explore
Uphold Uphold Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | October 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
3Commas 3Commas Explore
Uphold Uphold Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | October 2024

Disclaimer

Following the Trust Project guidelines, this feature article presents opinions and perspectives from industry experts or individuals. BeInCrypto is dedicated to transparent reporting, but the views expressed in this article do not necessarily reflect those of BeInCrypto or its staff. Readers should verify information independently and consult with a professional before making decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Shubham1.png
Shubham Pandey
An engineer and an accountant by degree, Shubham ventured into the crypto world to pursue his passion. He believes digital currencies will redefine our economies in the decades to come, which drove his transition into this industry. Shubham has a multicultural background, having lived across India, Qatar, Oman and Australia. He is currently settled in Melbourne. As a News Writer, Shubham aims to actively analyze trends in the crypto world and break it down for everyday readers.
READ FULL BIO
Sponsored
Sponsored