A critical vulnerability in the Dogecoin network known as “DogeReaper,” which allowed a hacker to crash 69% of nodes, has been exposed. If exploited further, it could have potentially taken down the entire network. Surprisingly, the incident occurred after the Dogecoin Network developers claimed to have already released a security patch to fix the issue.
The DogeReaper Vulnerability Exposed
The DogeReaper vulnerability is a critical issue that could have allowed an attacker to crash any Dogecoin node remotely. The vulnerability was caused by a malformed AuxPow Coinbase, which could cause a Segmentation Fault in Dogecoin. This vulnerability is particularly concerning, as an attacker could have exploited it to disrupt the entire network.
AuxPow Coinbase refers to the first transaction in a block containing additional data proving the block was mined using the shared PoW algorithm to reward miners for their work. It is said to be malformed when the data is corrupted or incorrectly formatted, resulting in technical problems.
Two whitehat hackers, Tobias Ruck and Roqqit, discovered the network vulnerability and promptly notified the Dogecoin blockchain developers, detailing the vulnerability. Node operators were advised to update their software immediately. Notably, the latest incident affected nodes that did not upgrade to the newest patch, making them vulnerable to the attack.
After the vulnerability was publicly disclosed, a Bitcoiner claimed to be behind the latest hack. In response, the Dogecoin community called for increased awareness and education on security best practices to prevent similar incidents in the future.
Coinbase Response to DogeReaper Vulnerability
Coinbase, an American crypto exchange, is affected by the DogeReaper vulnerability due to its Dogecoin (DOGE) listing. As a validator in the Dogecoin network, the exchange operates nodes to support DOGE transactions and trading, which means vulnerabilities like DogeReaper can impact it.
The hackers reported their findings to Coinbase. However, the exchange’s response to the vulnerability has been criticized. Despite the potential severity of the vulnerability, Coinbase labeled it as “low” severity and “informative.” Furthermore, the exchange rewarded the hackers with a $200 bounty, which some consider inadequate given the vulnerability’s potential impact.
The incident reminds crypto users of the importance of ongoing security research and responsible disclosure in maintaining the integrity of blockchain networks. It also shows the need for node operators to stay up-to-date with the latest security patches and updates.
