280 lossis ntau dua blockchain tes hauj lwm tau kwv yees tias yuav muaj kev pheej hmoo ntawm "xoom-hnub" kev siv dag zog uas tuaj yeem ua rau tsawg kawg $ 25 billion tus nqi ntawm crypto ntawm kev pheej hmoo, raws li cybersecurity tuam txhab Halborn.
Hauv lub Peb Hlis 13 blog, Halborn ceeb toom ntawm qhov tsis zoo uas nws hu ua "Rab13s" - ntxiv nws twb tau ua haujlwm nrog qee qhov blockchains, xws li Dogecoin, Litecoin thiab Zcash, los tsim kho nws.
Halborn nrhiav tau loj heev #ZeroDay cuam tshuam Dogecoin thiab 280+ tes hauj lwm suav nrog Litecoin thiab Zcash, muab ntau dua $ 25 billion ntawm cov cuab tam digital muaj kev pheej hmoo!
...
- Halborn (@HalbornSecurity) Lub peb hlis ntuj 13, 2023
Halborn tau cog lus los ntawm Dogecoin thaum Lub Peb Hlis 2022 los ua qhov kev tshuaj xyuas kev nyab xeeb ntawm nws cov codebase thiab pom "ntau qhov teeb meem tseem ceeb thiab siv tsis tau."
Tom qab ntawd nws txiav txim siab cov ntawd tib yam vulnerabilities "muaj kev cuam tshuam ntau dua 280 lwm lub network" uas ua rau muaj kev pheej hmoo ntau txhiab daus las ntawm cryptocurrencies.
Halborn tau hais txog peb qhov tsis zoo, qhov "tseem ceeb tshaj plaws" uas tso cai rau tus neeg tawm tsam "xa cov lus tsis txaus siab pom zoo rau tus kheej, ua rau txhua tus raug kaw."
3/ Qhov teeb meem tseem ceeb tshaj plaws uas pom tau yog cuam tshuam nrog kev sib txuas lus nrog phooj ywg-rau-peer (p2p) qhov twg cov neeg tawm tsam tuaj yeem tsim cov lus pom zoo thiab xa mus rau ib tus neeg, coj lawv offline.
Cov kws tshawb fawb Halborn, coj los ntawm @safe_buffer, muaj code-named no vulnerability #Rab 13s.
- Halborn (@HalbornSecurity) Lub peb hlis ntuj 13, 2023
Nws ntxiv cov lus no dhau sijhawm tuaj yeem nthuav tawm blockchain rau ib qho 51% nres qhov twg tus attacker tswj feem ntau ntawm lub network mining hash tus nqi los yog staked tokens los ua ib tug tshiab version ntawm blockchain los yog coj nws offline.
Lwm qhov tsis zoo ntawm xoom-hnub nws pom yuav tso cai rau cov neeg tawm tsam tuaj yeem tsoo blockchain nodes los ntawm kev xa cov txheej txheem hu rau Chaw Taws Teeb (RPC) - ib txoj cai tso cai rau ib qho kev sib txuas lus thiab thov kev pab cuam los ntawm lwm tus.
7/ Thib ob, cov neeg tawm tsam tuaj yeem tua cov cai los ntawm pej xeem sib cuam tshuam (RPC) raws li cov neeg siv ib txwm siv. Txij li daim ntawv pov thawj tsim nyog yuav tsum tau ua kom muaj kev tawm tsam, qhov ua tau ntawm qhov kev siv no tsawg dua.
- Halborn (@HalbornSecurity) Lub peb hlis ntuj 13, 2023
Nws ntxiv qhov ua tau ntawm RPC-txog kev siv dag zog qis dua vim nws xav tau cov ntaub ntawv pov thawj siv tau los ua qhov kev tawm tsam.
Halborn tau ceeb toom tias "Vim qhov sib txawv codebase sib txawv ntawm cov tes hauj lwm tsis yog tag nrho cov kev tsis txaus ntseeg yog siv tau ntawm txhua lub network, tab sis tsawg kawg yog ib qho ntawm lawv yuav siv tau rau txhua lub network," Halborn ceeb toom.
Related: Dhia Crypto thiab Oasis.app 'counter exploits' Wormhole hacker rau $ 225M
Lub tuam txhab tau hais tias lub sijhawm no nws tsis tau tshaj tawm cov ncauj lus qhia ntxiv ntawm kev siv dag zog vim lawv qhov hnyav thiab tau hais ntxiv tias nws tau ua "txoj kev ntseeg zoo" hu rau txhua tus neeg cuam tshuam los nthuav tawm cov peev txheej siv tau thiab muab kev kho rau qhov tsis zoo.
Dogecoin, Zcash thiab Litecoin twb tau siv thaj ua rau thaj rau qhov pom qhov tsis zoo, tab sis ntau pua tseem tuaj yeem nthuav tawm raws li Halborn.
Tau qhov twg los: https://cointelegraph.com/news/more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm