$500M vulnerability found in Tron multisig accounts by security firm
A research team at dWallet Labs has found a vulnerability in Tron multisig accounts that allows an attacker to bypass the multisignature mechanism and sign transactions with a single signature. In a post detailing the technical breakdown of the vulnerability, the research team stated that this could have affected $500 million in assets held in Tron multisig accounts, because it allows any signer to “completely overcome the multisig security offered by TRON.”
0d, our superstar cybersecurity research team, discovered a vulnerability in TRON multisig accounts putting over $500M of digital assets at risk – it was disclosed and fixed so there are no user assets at risk now. A technical breakdown: https://t.co/nMj6kV6Oc3
— dWallet Labs (@dWalletLabs) May 30, 2023
As the name suggests, multisignature wallets require multiple signers defined in an account to approve transactions and move funds, allowing for the creation of joint accounts in crypto. Each account signer holds their own keys, and the account requires a certain threshold for approving transactions.
According to the research team, Tron’s multisig vulnerability allows for generating many valid signatures. They wrote:
“We can bypass the multisig verification process by signing the same message with non-deterministic nonces of our choice. By doing so, we will be able to generate many valid different signatures for the same message by the same private key.”
The cybersecurity team stated that Tron ensures the signatures are unique instead of checking if the signers are unique. Because of this, signers can potentially “double vote” or sign twice. Omer Sadika, the CEO of dWallet Labs, said that the fix was simple: verify the address instead of the number of signatures.
The researchers noted that the vulnerability was reported to Tron in February and fixed days after.
In other news, another decentralized finance protocol recently suffered a $7.5 million exploit. On May 28, blockchain security firm PeckShield reported that Arbitrum-based Jimbos Protocol was hacked, resulting in the loss of 4,000 Ether (ETH).