Warning Issued: This Altcoin Contains Vulnerability!

Security firm dWallet Labs has discovered a vulnerability in the Tron (TRX) network that compromises $500 million worth of altcoins/tokens.
 Warning Issued: This Altcoin Contains Vulnerability!
READING NOW Warning Issued: This Altcoin Contains Vulnerability!

Security firm dWallet Labs has discovered a vulnerability in the Tron (TRX) network that compromises $500 million worth of altcoins/tokens.

“Detected and fixed, no risk at this time”

The dWallet Labs team first reported the vulnerability to the Tron team in February. After that, it was emphasized that the problem was dealt with immediately and resolved within a few days.

According to the report, a vulnerability existed in Tron multisig accounts that could allow an attacker to bypass the multi-signature mechanism and sign transactions with a single signature. The research team said in the whitepaper that the vulnerability could affect $500 million worth of altcoins held in Tron multisig accounts. This is because it allows any signer to “completely overcome the multi-signature security offered by TRON.”

As the name suggests, multi-signature wallets require multiple signers defined to an account to confirm transactions and move funds. This allows the creation of joint accounts in crypto. Each signer has its own key. Transactions require a certain number of confirmations to be approved.

According to the research team, the vulnerability in Tron’s multisig allowed many valid signatures to be created. According to the report, “You could bypass the multi-signature verification process by signing the same message with our preferred non-deterministic nons. By doing this, you could generate many different valid signatures for the same message with the same private key.”

What was Tron’s mistake?

According to the dWallet team, Tron ensures that the signatures are unique rather than checking if the signers are unique. Therefore, signers could potentially “double-vote” or sign twice. Ömer Sadika, CEO of DWallet Labs, said the fix is ​​simple. He stated that “verifying the address rather than the number of signatures” is sufficient.

The researchers noted that the vulnerability was reported to Tron in February and was fixed days later. On the other hand, Arbitrum network has come to the fore in recent days in terms of security vulnerability. In particular, in May, two major DeFi protocols delivered nearly $10 million to attackers.

Arbitrum network witnessed two major hacking attempts

The first was due to a lack of liquidity operations targeting Jimbos, which resulted in a loss of $7.5 million. Arbitrum-based DeFi project Jimbos lost 4,000 Ether (ETH) as a result of the attack.

In its latest hack attempt, Ede Finance has come under fire for intentionally leaving a vulnerability. The DeFi project was the victim of a hack attempt that resulted in the seizure of nearly half a million dollars today. As we have quoted as Kriptokoin.com, the project team admits that it has a share in what happened.

Comments
Leave a Comment

Details
146 read
okunma52328
0 comments