In a recent announcement, blockchain security firm dWallet Labs disclosed a vulnerability that could affect $1 billion worth of cryptocurrency assets. Assets potentially affected include Ether (ETH), Aptos (APT), BNB (BNB) and Sui (SUI). Here are the details…
dWallets warned for SUI and various coins
dWallet Labs detailed its findings in an article, highlighting a potential vulnerability in validators hosted by infrastructure provider InfStones. The research paper focused on discovering vulnerabilities in Blockchain networks, specifically targeting InfStones validators. According to dWallet Labs, a series of vulnerabilities were exploited to gain full control, execute code and extract private keys from hundreds of validators across large networks. The report included the following statements:
A number of vulnerabilities we discovered and exploited during our research allowed us to take full control of hundreds of validators across multiple large networks, execute code, and extract their private keys, resulting in direct losses of over a billion dollars in cryptocurrencies such as ETH, BNB, SUI, APT, and others. It had the potential to lead to
Answer came from InfStones: There is no risk
If exploited, the vulnerability would allow an attacker to obtain private keys across various blockchain networks, potentially putting over $1 billion in staked assets at risk. InfStones denied that the shortfall could affect $1 billion in assets. InfStones representative Darko Radunovic explained that the potential vulnerability only affects a small portion of the live nodes they launch. Radunovic stated that the vulnerability was discovered in 237 samples, consisting of 212 cases identified for testing and 25 samples as newly launched nodes in the production environment.
“Instances detected in production constitute less than 0.1% of the live nodes we have released to date,” Radunovic said. The company immediately addressed the issue by publishing a blog post to confirm that the vulnerability had been fixed. InfStones conducted internal reviews to further improve security measures. It had previously engaged the services of an accredited security firm to audit its systems and company policies. It had also previously launched a bug bounty program. The bug bounty program encourages third parties to cooperate in detecting and addressing potential vulnerabilities.
InfStones manages over 20,000 nodes
InfStones is an enterprise-grade Platform as a Service (PaaS) Blockchain infrastructure provider. InfStones’ AI-based infrastructure provides developers worldwide with a robust, powerful node management platform along with an easy-to-use API. With 20,000+ nodes supported on 80+ Blockchains, InfStones provides developers with many possibilities. InfStones is used by Binance, CoinList, BitGo, OKX, Chainlink, Polygon, Harmony and KuCoin, among hundreds of other clients.