Dogecoin, a cryptocurrency project with a market capitalization of over $58 billion, was recently attacked with an exploit that heavily affected its node structure. The exploit, dubbed “Dogereaper,” allowed Sequentia developer Andreas Kohl to crash 69% of all the Dogecoin nodes using only an old laptop from El Salvador.
The exploit allows any attacker to use the name of any node to remotely crash it. The “Department Of DOGE Efficiency” account on X likened this behavior to a death note, a fictional notebook that allows the user to write a person’s name to kill them.
While the attack heavily affected Dogecoin nodes, it could have been worse: the vulnerability had already been disclosed by Tobias Ruck, an eCash developer, and Roqqit, another developer. Talking to news.bitcoin.com, Ruck stated that he first discovered this vulnerability while developing doged, an alternative to Dogecoin Core. Ruck explained that while testing the ported code for their alternative software, he found a segmentation fault that had not been fixed in the original code.
He then confirmed that the vulnerability could be used to target specific nodes and crash them remotely, and began planning its disclosure so that the issue could be fixed.
Ruck explained:
“We don’t condone crashing nodes, we put a lot of effort into keeping the network secure. The attack could’ve been much more severe. All the important stakeholders like miners, exchanges etc. have been patched long before the attack, and it shows how important it was that we treaded carefully.”
In Ruck’s words, if the situation had been managed differently, the outcome could have been far worse: the network could have been stopped entirely, halting Dogecoin’s operation. The fixes mitigating this problem were applied in the last update to the node software, and only out-of-date nodes were affected.
Ruck concluded:
“Given the low effort of the attacker relative to the outcome, it again shows the severity.”
Situations like this underscore the relevance of a team of developers maintaining the codebase of each crypto project. Ultimately, a blockchain is software, and its security depends on whether the code is constantly audited or abandoned.