dWallet Labs Security Firm Reveals $500m Vulnerability Inherent in TRON Multisig Accounts

The research conducted by dWallet Labs security firm revealed that Tron’s blockchain has zero-day vulnerability exposing million-dollar crypto assets to theft. The research indicated that the Tron’s blockchain current settings leave $500m of crypto assets to theft.

Vulnerability in Multisig Accounts Detected Timely

The vulnerability within the multi-sig accounts emerged following the in-depth analysis by the Od cybersecurity research unit within the dWallet Labs. The susceptibility of multi-sig accounts left the assets at risk of access by cybercriminals. 

dWallet Labs revealed via its official Twitter profile on Tuesday, May 30 confirmed that while no theft was detected during the analysis, leaving the multi-sig accounts would risk the digital assets in future. The research team outlined the multi-sig accounts involving multiple signatures to authorize each transaction successfully. 

Flawed Verification Approach Facilitated Easy Access

The flaws evident in TRON’s approach could permit any signer linked to a multisig account to access the funds held in the account easily. The signer can access the digital assets without seeking approval from other signers. 

The research team indicated that the oversight within the verification process deployed in Tron’s blockchain would enable the attacker to circumvent the security relied upon in the multi-sig accounts. 

Vulnerability Solve in a Direct Process Swapping Signatures for Addresses List

Omer Sadika, identified as part of the 0d research unit, illustrated that the design utilized within the multi-sig verification process easily supports one signer to replicate one message in a nondeterministic manner. He explained that one signer could leverage a single message to generate multiple valid signatures. 

The 0d research team indicated that the solution to the vulnerability involved a straightforward process. The process involved ascertaining how signatures are verified relative to the addresses list rather than the current process of depending on the signatures list.

Tron’s Response to Resolve the Security Flaw in the Multisig Accounts

Sadika demonstrated that the 0d research team promptly addressed the vulnerability using Tron’s bug bounty initiative on February 19. TRON quickly resolved the vulnerability within days, with the researchers illustrating the solution was embraced by the validators to implement the requisite patches. 

A subsequent Twitter notification by the researchers ruled out any user assets suffering any theft. At the time of the tweet, all risks to the vulnerability were eliminated. 

Beyond Twitter, TRON has yet to issue a public statement explaining the incident.

Outlook of Other Vulnerabilities

The vulnerability detected in TRON’s multisig account mirrors other flaws discovered in several blockchains. Monero blockchain is recent to portray significant privacy vulnerability.

Notably, the bug surfacing in the Monero blockchain had remained undetected within the network for a period exceeding three years. However, the internal security team resolved the flaw right upon its detection. 

A similar weakness arose within the Jimbos Protocol. The DeFi platform suffered an unfortunate exploit from attackers who leveraged the flows. The protocol established upon the Arbitrum network suffered a 4000 ether loss translating to $7.5 million.

In its May 28 tweet, Wu Blockchain captured the findings by PeckShield analytic firm. The analysis attributed the hack to failing to deploy slippage control in the liquidity-shifting process. The flawed operation allowed the protocol-owned liquidity to appear one reliant on a skewed price range. The imbalanced price range allowed the perpetrator to exploit to profit from the reverse swap.

Vulnerability of Hundreds Blockchain Networks Discovered by Halborn Security

Meanwhile, Halborn Security had in March this year warned that over 280 blockchain networks were susceptible to zero-day exploits. The flaws would leave $25 billion cryptos vulnerable to cyber theft and exploitation. 

Halborn Security confirmed working with Dogecoin, Litecoin and Zcash to fix the vulnerability within their codebase. It identified that the most significant vulnerability involved the capability of attackers to replicate maliciously crafted consensus messages to prompt the closure of the individual nodes. 

The occurrence of protocol exploits highlights the need to undertake rigorous security mechanisms. Its accomplishment mandates auditing the verification used in blockchain technologies. 

Identifying vulnerabilities for quick address is essential to guarantee security and safeguard the crypto networks’ integrity. 

Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at info@tokenhell.com if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. Tokenhell is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.