Critical Vulnerability in Tron’s Multisig Mechanism Exposed $500M in Digital Assets: Report

According to a report published by the cybersecurity research team known as 0d, a division of Dwallet Labs, researchers discovered a critical vulnerability in the Tron network’s native multi-sig mechanism. The cybersecurity experts explained that the vulnerability could have impacted more than $500 million worth of digital assets held in Tron multi-sig accounts. 0d specified that Tron’s development team addressed the problem by creating a patch for the bug.

Cybersecurity Researchers Summarize Bug Found Tied to Tron’s Multisig Mechanism, Tron Devs Patch the Vulnerability

On May 30, 2023, the research team 0d from Dwallet Labs published a report that uncovers a vulnerability in Tron’s native multisig scheme. The vulnerability enables any signer of a multi-sig account to bypass the network’s security measures, irrespective of the designated threshold and number of signers. “This vulnerability impacts over $500M in digital assets that are held in Tron multi-sig accounts,” 0d reported on Tuesday.

The researchers further stated that Tron’s developers were notified about the bug on February 19, 2023, and the programmers created a patch to address the problem. 0d said that the majority of Tron’s validators have already implemented the patch to prevent any potential exploitation of the vulnerability. “We have received a bounty reward for a high severity vulnerability via the Tron bounty program,” the cybersecurity research team disclosed.

0d explained that the vulnerability originated from the verification process of multisig transactions within the Tron network. The network depends on the uniqueness of signatures for identical messages from an individual. However, because of the deterministic nature of the signature generation process outlined in RFC 6979, an untrustworthy signer can utilize various nonces (random numbers) to generate multiple valid signatures for the same message while employing the same private key.

The revelation of the Tron multi-sig mechanism bug coincides with the discovery of a privacy vulnerability in the Monero blockchain. The bug is said to have existed on the Monero network for three years and has since been addressed. While discussing the Tron multi-sig problem, 0d researcher Omer Sadika explained that with the deployment of the fix, $500 million is now “secured.”

What are your thoughts on the recent vulnerability discovered in Tron’s multi-sig mechanism? Share your insights and opinions in the comments section below.

source https://news.bitcoin.com/critical-vulnerability-in-trons-multisig-mechanism-exposed-500m-in-digital-assets-report/

Komentar

Postingan populer dari blog ini

Spanish Treasury Secretary Says Cryptocurrencies Carry a ‘Risk of Default’, Repeats Bank of Spain’s Lack of Regulation Rhetoric

The government of Spain continues to harden its stance against widely adopting cryptocurrencies. The Spanish Secretary of State for the Economy recently expressed her concerns on risks that she thinks cryptos possess for the national economy. Secretary Doesn’t Like Bitcoin as It Cannot Be ‘Supervised or Sanctioned’ During the Online Fintech Summit 2021 , Ana de la Cueva said that cryptocurrencies such as bitcoin ( BTC ) carry “a risk of default, given that the user does not have the protection offered by traditional payment systems against a default by the counterparty.” In fact, the Secretary blasted off on the lack of a “centralized guarantee system” in bitcoin. Interestingly, at the beginning of her speech, De La Cueva mentioned that the cryptocurrency’s technology is based on blockchain. However, she later pointed out that there is no standard “clarity” on the nature of bitcoin. The Secretary repeated the same rhetoric of Spanish state entities on crypto assets, saying that th...

Baca selengkapnya

Barry Silbert Resigns as Chairman of Grayscale Investments

Digital Currency Group (DCG) founder Barry Silbert has resigned from his position as the chairman of Grayscale Investments. Current DCG chief financial officer Mark Shifke succeeds Silbert and is joined by Edward McGee and Matthew Kummell as members of the new look board. Preparing for Grayscale’s Next Chapter Barry Silbert, the founder and CEO of Digital Currency Group, has resigned from his position as chairman of the digital asset management company Grayscale and will be replaced by Mark Shifke. According to the company’s filing with the Securities and Exchange Commission (SEC), starting Jan. 1, 2024, Grayscale’s board will be composed of Mark Shifke, Matthew Kummell, and Edward McGee. Current Grayscale Investments CEO Michael Sonnenshein is also a board member, while Mark Murphy, the president of Digital Currency Group (DCG), departs alongside Silbert. Commenting on the changes to the board, an unidentified Grayscale spokeswoman reportedly said: “Grayscale and our investors ...

Baca selengkapnya

48 US Lawmakers Ask SEC Chair Gensler to Clarify Whether ETH Is a Security — Warn of ‘Negative Repercussions’

Forty-eight U.S. lawmakers have sent a letter to U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler asking him to clarify whether ether is a security. “The negative repercussions of the SEC implicitly or directly classifying ETH as a digital asset security will cascade throughout the digital asset marketplace both in the short and long […] source https://news.bitcoin.com/48-us-lawmakers-ask-sec-chair-gensler-to-clarify-whether-eth-is-a-security-warn-of-negative-repercussions/

Baca selengkapnya

Crypto Account Manager

Cari Blog Ini