On February 24, 2023, Khun Nueng Poraminpost a messagePosted on Facebook about a Node Bitcoin vulnerability that could cause Node to crash and lead to a 51% attack (51% Attack), but after posting There are many negative trends coming out saying that they are asking for evidence. It also said that many people were damaged. But Khun Poramin still didn’t react much.
Until on March 14, 2023, Khun Nueng Poramin postedUpdate on the case via the original Facebook page. The details are given as follows:
- Now it has been officially announced by several Auditor teams who are Developers, including Cybersecurity, Cryptography, Privacy Layer and others.
- Let’s start with the “Rab13s vulnerability”, which is the main vulnerability in the attack. Such vulnerabilities are Several vulnerabilities in open source code on the Blockchain Network, such as Dogecoin, Litecoin, Zacsh, and many others, have similar default code.
During this evaluation, Halborn identified a number of critical and exploitable vulnerabilities. However, after a wider investigation, Halborn noted that the same vulnerability affected more than 280 other networks, putting over $25 billion worth of digital assets at risk. from found vulnerabilities
The most significant vulnerability discovered was in Peer-to-Peer (P2P), an attacker could create consensus messages and send them to individual nodes and thus offline the network.
risks and consequences
- Rab13 vulnerability 1 has been found in the P2P messaging mechanism in affected networks. which because of its simplicity This increases the chance of being attacked. with this vulnerability An attacker can send malicious consensus messages to each node, causing each node to shut down and exposing the network to vulnerabilities such as 51% attacks and other serious problems.
- The second vulnerability in the RPC service allows an attacker to misbehave on a node through an RPC request, however, a successful exploit requires valid credentials. This reduces the chance that the entire network will be at risk. And because some nodes use stop commands
- The third vulnerability allows an attacker to execute code in the context of a user running a Node through a public interface (RPC).