
A Critical Flaw Was Exposed, And Resolved, At Tron: How $500M Was Almost Wiped Out

Published 31/05/2023, 16:59

Benzinga - There was a serious security flaw in the TRON (CRYPTO: TRON) blockchain network, according to dWallet Labs' cybersecurity research team, 0d.

The issue, reported on Feb. 19, has since been resolved.

What Happened: The vulnerability could have been used to bypass TRON's multisig security protocols. As a result, more than $500 million in digital assets held in TRON multisig accounts were at risk.


Why It Matters: TRON is a significant player in the global blockchain arena. It boasts over 144 million users and ranks second to Ethereum (CRYPTO: ETH) in terms of Total Value Locked (TVL) and stablecoin circulation.

The blockchain network utilizes multisig or Multi-Party Computation (MPC) for creating joint accounts.

In this setup, a threshold of signers is required to approve a transaction, effectively providing enhanced security.

The recently discovered vulnerability exploited an assumption in TRON's multisig transaction verification process: that there cannot be two different valid signatures for the same message by the same individual. That assumption does not hold for TRON's ECDSA signature scheme.

This flaw could allow the generation of multiple valid signatures for the same message using the same private key.

0d Suggests Two Attack Scenarios

  • An attacker with at least one weight permission could execute transactions in every multisig wallet, regardless of the threshold.
  • An attacker could exploit a transaction partially signed by someone with permissions, but without reaching the threshold.

The vulnerability has been addressed by TRON after the report from 0d.

The solution was simple: Checking the signed address against the list of addresses instead of matching the signature against the list of signatures.

This fix effectively secures the TRON blockchain network, protecting the assets of its vast user base.

Meanwhile, a TRON representative told The Block that they indeed received a bug report from HackerOne. The team sprang into action to rectify the issue and implemented the needed fixes to prevent any possible exploitation of the vulnerability.

The detected problem has been successfully dealt with, thus reinstating the security of the system.

© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.