Blockchain News

Tron Blockchain MultiSig Accounts Risked $500 Million

TRON Blockchain Exposes $500 Million to Theft: Critical Zero-Day Vulnerability in Multisig Accounts Resolved.

Written By:
Shivraj Swami
Tron Blockchain MultiSig Accounts Risked $500 Million

On May 30, security experts revealed a flaw in the TRON blockchain that had previously exposed $500 million in cryptocurrency.

In a significant discovery, the 0d research team at dWallet Labs uncovered a critical zero-day vulnerability in the TRON blockchain that could have potentially led to the theft of funds from multisig accounts. 

The theft could have easily happened as the Zero-Day vulnerability allowed any signer to “completely overcome the multisig security offered by TRON.”

Multisig accounts require multiple signatures to authorize transactions, ensuring added security. However, the vulnerability found in TRON allowed any signer associated with a multisig account to gain unauthorized access to the funds within it.

The flaw was attributed to oversights in TRON’s approach to multisig, where the verification process failed to validate all necessary information. The Tron multisig account focused on ensuring the uniqueness of signatures rather than verifying the uniqueness of the signers themselves.   

This loophole would have completely bypassed TRON’s multisig security, as highlighted by the 0d researchers, signers can potentially “double vote” or sign twice. Simply put, one signer can create multiple valid signatures for the same message.

Thankfully, the solution to this vulnerability was relatively straightforward. Researchers proposed checking signatures against a list of addresses, rather than solely relying on a list of signatures. This simple fix would prevent unauthorized access and enhance the overall security of multisig accounts.

The 0d research team promptly reported the vulnerability to TRON through its bug bounty program on February 19. Within days, TRON patched the vulnerability, ensuring that most TRON validators have implemented the necessary fixes.

In a reassuring statement on Twitter, the researchers emphasized that no user assets are currently at risk since the vulnerability has been successfully resolved.

Also Read: TRON DAO Partners with Nansen for Blockchain In-depth Insights

While TRON has yet to issue a public statement regarding the matter, the swift action taken to address the vulnerability demonstrates the importance of proactive security measures and the significant role that responsible researchers play in identifying and reporting such vulnerabilities.

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Avatar photo
By Shivraj Swami
Shivraj Swami is a talented content writer with a strong passion for two diverse fields: the crypto industry and cricket. With an insatiable curiosity, he has immersed himself in the intricacies of these domains, gaining extensive knowledge and expertise.

Latest News

Humanity Protocol Hackers Move Stolen Funds to KuCoin Wallets
Humanity Protocol Hackers Move Stolen Funds to KuCoin Wallets
Small Banks Feel Sidelined in Trump’s Pro-Crypto Agenda
Small Banks Feel Sidelined in Trump’s Pro-Crypto Agenda
Steam Workshop Attack Installs Crypto Miners on Gamers’ PCs: Kaspersky
Steam Workshop Attack Installs Crypto Miners on Gamers’ PCs: Kaspersky
Inside the High-Stakes Corporate War Over the GENIUS Act
Inside the High-Stakes Corporate War Over the GENIUS Act
GTA 6 Preorder Hype Revives Vice City and Rockstar Tokens
GTA 6 Preorder Hype Revives Vice City and Rockstar Tokens

Find Us on Socials

You may also like