How $500M Was Almost Wiped Out

By Benzinga


Benzinga – There was a serious security flaw in the TRON (CRYPTO: TRON) blockchain network, according to dWallet Labs' cybersecurity research team, 0d.

The issue, reported on Feb. 19, has since been resolved.

What Happened: The vulnerability could have bypassed the multisig security protocols of TRON. As a result, more than $500 million in digital assets held in TRON multisig accounts were threatened.


Why It Matters: TRON is a significant player in the global blockchain arena. It boasts over 144 million users and ranks second to Ethereum (CRYPTO: ETH) in terms of Total Value Locked (TVL) and stablecoin circulation.

The blockchain network utilizes multisig or Multi-Party Computation (MPC) for creating joint accounts.

In this setup, a threshold of signers is required to approve a transaction, effectively providing enhanced security.

The recently discovered vulnerability exploited an assumption in TRON’s multisig transaction verification process: that there cannot be two different valid signatures for the same message by the same individual. This was proven false in light of TRON’s ECDSA signature scheme.

This flaw could allow the generation of multiple valid signatures for the same message using the same private key.

0d Suggests Two Attack Scenarios

  • An attacker with at least one weight permission could execute transactions in every multisig wallet, regardless of the threshold.
  • An attacker could exploit a transaction partially signed by someone with permissions, but without reaching the threshold.

The vulnerability has been addressed by TRON after the report from 0d.

The solution was simple: Checking the signed address against the list of addresses instead of matching the signature against the list of signatures.

This fix effectively secures the TRON blockchain network, protecting the assets of its vast user base.

Meanwhile, a TRON representative told The Block that they indeed received a bug report from HackerOne. The team sprang into action to rectify the issue and implemented the needed fixes to prevent any possible exploitation of the vulnerability.

The detected problem has been successfully dealt with, thus reinstating the security of the system.


© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
