Skip to main content

Security firm discovers $500M vulnerability in Tron multisig accounts

After reporting the vulnerability to Tron in February, the researchers highlighted that the issue was promptly addressed and resolved within a few days.

A research team at dWallet Labs has discovered a zero-day vulnerability in Tron multisig accounts, allowing an attacker to bypass the multisignature mechanism and sign transactions with a single signature.

In a technical breakdown post, the research team said the vulnerability could have impacted $500 million in assets held in Tron multisig accounts. This is because it allows any signer to “completely overcome the multisig security offered by TRON.”

As its name suggests, multisignature wallets require multiple signers defined in an account to approve transactions and move funds, allowing the creation of joint accounts in crypto. Each account signer holds their own keys and the account requires a certain threshold for approving transactions. 

According to the research team, the vulnerability with Tron’s multisig allows for generating many valid signatures. They wrote:

“We can bypass the multisig verification process by signing the same message with non-deterministic nonces of our choice. By doing so, we will be able to generate many valid different signatures for the same message by the same private key.”

According to the cybersecurity team, Tron ensures the signatures are unique instead of checking if the signers are unique. Because of this, signers can potentially “double vote” or sign twice. Omer Sadika, the CEO of dWallet Labs, said the fix was simple: verify the address instead of the number of signatures.

Sadika discussed the vulnerability in a thread. Source: Twitter

The researchers noted that the vulnerability was reported to Tron in February and fixed days after.

Related: Justin Sun issues apology after Sui LaunchPool clashes with Binance CEO

Cointelegraph reached out to Tron for comments but did not receive a response.

In other news, another decentralized finance protocol recently suffered a $7.5 million exploit. On May 28, blockchain security firm PeckShield reported that Arbitrum-based Jimbos Protocol was hacked, resulting in the loss of 4,000 Ether (ETH).

Magazine: US and China try to crush Binance, SBF’s $40M bribe claim



from https://ift.tt/gVIDPWB
https://ift.tt/8PINn5Y
Labels:

Comments

Post a Comment

Any questions, Please.

Popular posts from this blog

Five Bitcoin Price Charts Analyzing The Dramatic Q1 2022 Conclusion

There are only hours remaining until the Q1 2022 close in Bitcoin price action. With the important quarterly candle set to close tonight, let’s look at what technicals might say about the direction of the next quarter. Q1 2022 Comes To A Close For Bitcoin The first quarter of a year, often sets the tone for the year to come. In investments, a poor Q1 performance is indicative of a bad year ahead. Considering the fact that Bitcoin price is now above $45,000 after touching $32,000 this quarter, it is tough to say the performance has been “poor” by anything other than crypto standards. Related Reading | Bitcoin Weekly Momentum Flips Bullish For First Time In 2022 The cryptocurrency has recovered nearly 40% from the low, leaving a long wick behind. Such a long wick suggests that before the quarter came to a close, buyers stepped up in a major way. Buyers were able to step up in a larger capacity in Q1 2022 than bears were able to in the final quarter of last year. The bearish wick to cl...
Post a Comment
Read more

FTX hacker reportedly transfers a portion of stolen funds to OKX after using Bitcoin mixer

On-chain activity suggests that the hacker has sent at least 225 BTC (4.5 million) to OKX so far. Hackers who drained FTX and FTX USA of over $450 million worth of assets just moments after the doomed crypto exchange filed for bankruptcy on Nov. 11, continue to move assets around in an attempt to launder the money.  A crypto analyst who goes by ZachXBT on Twitter alleged that the FTX hackers have transferred a portion of the stolen funds to the OKX exchange, after using the Bitcoin mixer ChipMixer. The analyst reported that at least 225 BTC — worth $4.1 million USD — has been sent to OKX so far.  1/ Myself and @bax1337 spent this past weekend looking into the FTX attacker’s deposits to ChipMixer. It appears they’ve likely been transferring a portion of the stolen FTX funds to OKX after withdrawing from CM So far we’ve accounted for at least $4.1m (255 BTC) sent to OKX pic.twitter.com/C46JZWtktn — ZachXBT (@zachxbt) November 29, 2022 According to ZachXBT, the FTX h...
Post a Comment
Read more

2 metrics signal the $1T crypto market cap support likely won’t hold

Despite the 8.5% weekly rally in cryptocurrencies, the lack of stablecoin premiums in Asia and futures markets activity shows buyers’ lack of confidence. Cryptocurrencies broke the $1 trillion market capitalization resistance on Oct. 26, which had been holding strong for the previous 41 days. Despite Bitcoin’s ( BTC ) modest 5.5% weekly gains, the aggregate value of 20,000 listed tokens increased by 8.5% between Oct. 24 and 31. Total crypto market cap, USD (in billions). Source: TradingView The cryptocurrency market was positively impacted by a 6.3% weekly rally in the Russell 2000 mid-capitalization stock market index. Some encouraging news accompanied the positive tailwinds from traditional markets. For instance,  55,000 BTC was withdrawn from Binance on Oct. 26, a record high. Typically, analysts consider the reduced number of coins deposited on exchanges a bullish indicator, as the immediate selling pressure eases. Moreover, exchange and wallet provider Blockchain.com ...
Post a Comment
Read more