Vulnerabilities found in crypto platforms Dogecoin, Lightning Network, and Proton Wallet


This week, vulnerabilities were announced in the Dogecoin (DOGE) network, Bitcoin's (BTC) Lightning Network (LN), and Proton Wallet, reminding users of potential technical risks when dealing with crypto assets.

Bitcoiner Andreas Kohl, the developer of the Sequentia Network, a bitcoin-powered blockchain, said he used a previously disclosed vulnerability to take down 69% of the Dogecoin network. According to Kohl, this was achieved using an "old ThinkPad in rural El Salvador."

The vulnerability, found by bitcoin developer Tobias Ruck, allowed an attacker to remotely shut down Dogecoin nodes, which store the Dogecoin blockchain data and validate DOGE transactions and blocks.

ADVERTISEMENT

Ruck said the reason why "only" 69% of the network was affected is that he "responsibly handled this" after the vulnerability was discovered.

"If it would've been exploited by a malicious actor, it could've brought down the network, with no blocks or transactions for a few days," the developer said. The vulnerability is now said to have been fixed.

Ernestas Naprys Niamh Ancell BW Konstancija Gasaityte profile vilius
Get our latest stories today on Google News

Meanwhile, bitcoin technical writer and co-author of Mastering Bitcoin, David A. Harding, disclosed a vulnerability that could have affected old versions of all four major implementations of the Lightning Network. LN is the so-called Layer 2 network that helps bitcoin scale with faster and cheaper transactions.

According to Harding, old versions of implementations such as Eclair and others would accept a series of operations that could allow a miner to steal up to 98% of a channel’s funds. Users of LN need to open and fund a special payment channel to transact BTC.

"All versions of all LN implementations, even today, are vulnerable to a theoretical version of the attack," Harding said, adding that current-generation LN implementations have tightened their bounds to limit the maximum vulnerable amount per channel.

Meanwhile, researchers at Zellic also found a vulnerability in the preview version of Proton Wallet, launched this past summer. However, the vulnerability was present only for a day.

"Thank goodness these researchers caught the bug; otherwise, tons of Proton wallets would have had a predictable [private key]," said Riccardo Spagni, a member of the Monero Core Team, responsible for the development of the privacy-focused Monero (XMR) cryptocurrency.

ADVERTISEMENT