Experts discover a $500 million vulnerability in the TRON blockchain
The threat discovered in February has now been eliminated
30.05.2023 - 15:55
531
2 min
0
A research team at dWallet Labs has discovered a zero-day vulnerability in Tron multisig accounts, allowing an attacker to bypass the multisignature mechanism and sign transactions with a single signature.
In a technical breakdown post, the research team said the vulnerability could have impacted $500 million in assets held in Tron multisig accounts. This is because it allows any signer to “completely overcome the multisig security offered by TRON.”
As its name suggests, multisignature wallets require multiple signers defined in an account to approve transactions and move funds, allowing the creation of joint accounts in crypto. Each account signer holds their own keys and the account requires a certain threshold for approving transactions.
According to the research team, the vulnerability with Tron’s multisig allows for generating many valid signatures. They wrote:
“We can bypass the multisig verification process by signing the same message with non-deterministic nonces of our choice. By doing so, we will be able to generate many valid different signatures for the same message by the same private key.”
According to the cybersecurity team, Tron ensures the signatures are unique instead of checking if the signers are unique. Because of this, signers can potentially “double vote” or sign twice. Omer Sadika, the CEO of dWallet Labs, said the fix was simple: verify the address instead of the number of signatures.
Sadika discussed the vulnerability in a thread. Source: Twitter
The researchers noted that the vulnerability was reported to Tron in February and fixed days after.
Cointelegraph reached out to Tron for comments but did not receive a response.
In other news, another decentralized finance protocol recently suffered a $7.5 million exploit. On May 28, blockchain security firm PeckShield reported that Arbitrum-based Jimbos Protocol was hacked, resulting in the loss of 4,000 Ether ETH $1,901.
This material is taken from the website https://cointelegraph.com.
Useful material?
Telegram 
Twitter Market
The company’s unrealized profits from investing in its first cryptocurrency approached $14 billion
Nov 19, 2024
Incidents
The search, the reason for which was not announced, took place a week after the election, the results of which Polymarket users predicted quite accurately
Nov 14, 2024
Market
Analysts point to the growing popularity of the first cryptocurrency as a safe haven asset
Nov 13, 2024
Market
The product will begin trading on the Swiss Exchange on November 19
Nov 12, 2024
Market
The company’s unrealized profits from investing in the first cryptocurrency approached $13 billion
Nov 12, 2024
Market
The company predicts that the rate of the first cryptocurrency will grow to $200 000 by the end of next year
Nov 11, 2024
Cryptocurrency rates
-
Bitcoin
$98 921
BTC
+1.15%
-
Ethereum
$3 344.5
ETH
+6.55%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.43
XRP
+28.44%
-
Dogecoin
$0.390861
DOGE
+2.71%
-
Cardano
$0.879054
ADA
+11.89%
-
Bitcoin Cash
$490.82
BCH
-5.78%
-
Polkadot
$6.1
DOT
+7.82%
-
Stellar XLM
$0.291668
XLM
+22.97%
-
Litecoin
$91.09
LTC
+1.65%