Ad
CryptoSlate on Substack
Your daily dose of must-have crypto news and deep dives. Direct to your inbox.
Join 75k subscribers
 Ad
News
Meta announces Llama 3, launches dedicated AI web portal Scaramucci says Bitcoin is ‘still very young,’ predicts $200k long-term price after halving US lawmakers’ proposed ban on algorithmic stablecoins draws industry backlash Tether champions decentralized systems expanding tech, AI, education and financial reach Bitcoin Ordinals Game Boy inspired gaming handheld and hardware wallet sells out instantly
TRON avoided $500M multisig vulnerability TRON avoided $500M multisig vulnerability Mike Dalton · 11 months ago · 1 min read
NewsHacks

TRON avoided $500M multisig vulnerability

The bug has since been patched, and no user assets are at risk.

Mike Dalton
May. 31, 2023 at 4:30 am UTC
1 min read
Updated: May. 31, 2023 at 2:11 am UTC
TRON avoided $500M multisig vulnerability

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Security researchers disclosed a vulnerability in the TRON blockchain on May 30 that previously put $500 million of crypto at risk.

One signer could have accessed mulitisig accounts

The 0d research team at dWallet labs said that a critical zero-day vulnerability in the TRON blockchain left multisig accounts open to theft.

Multi-sig accounts must be signed by multiple signatures before they execute a transaction, as the name suggests. However, the vulnerability found in TRON would have allowed any signer associated with any given multisig account to single-handedly access the funds within that account.

Oversights in TRON’s approach to multisig meant that its verification process did not verify all necessary information. This line of attack would have “completely overcome” TRON’s multisig security, according to 0d researchers.

Team member Omer Sadika wrote:

” … The multisig verification process [could have been] bypassed by signing the same message with non-deterministic nonces…Simply put, one signer can create multiple valid signatures for the same message.”

The solution to this problem was simple, according to researchers. Signatures are now checked against a list of addresses, not just a list of signatures.

Vulnerability was reported in February

The 0d research team said that they reported the issue via TRON’s bug bounty program on Feb. 19. The team added that TRON patched the vulnerability in days, and they said that most TRON validators are now patched.

Researchers emphasized in a separate Twitter statement that “there are no user assets at risk” now that the vulnerability has been fixed.

TRON has not yet issued its own public statement.

Posted In: , Hacks
Author

Mike Dalton

Journalist at CryptoSlate

Before transitioning to crypto writing in 2018, Mike studied library and information sciences. Currently, he resides on Canada's West Coast.

Editor Editor

News Desk

Editor at CryptoSlate

CryptoSlate is a comprehensive and contextualized source for crypto news, insights, and data. Focusing on Bitcoin, macro, DeFi and AI.

Latest TRON Stories
TRON DAO at Harvard Blockchain Conference and New TRON Builder Tour Stop

TRON DAO at Harvard Blockchain Conference and New TRON Builder Tour Stop

Ad Partnerships 2 days ago

TRON DAO boosts its engagement with blockchain enthusiasts and professionals at Harvard Blockchain Conference as a platinum sponsor.

Binance ends Tron USDC support as it faces blockade in the Philippines

Binance ends Tron USDC support as it faces blockade in the Philippines

Exchanges 4 weeks ago

Regulatory pressures mount as Binance phases out Tron network's USDC for users.

IntoTheBlock Integrates TRON Network Analytics

IntoTheBlock Integrates TRON Network Analytics

Ad Partnerships 1 month ago

IntoTheBlock brings TRON network's advanced analytics to millions for free, bolstering transparency and market insight.

TRON integrated with Amazon Web Services to Accelerate Blockchain Adoption

TRON integrated with Amazon Web Services to Accelerate Blockchain Adoption

Ad Partnerships 1 month ago

TRON and Amazon Web Services join forces to democratize blockchain development with easy Full Node deployment.

Latest Alpha Market Report
Dial H for Halving: Unpacking the technicalities of Bitcoin’s halving
Available exclusively via

Dial H for Halving: Unpacking the technicalities of Bitcoin’s halving

Andjela Radmilac · 4 days ago

CryptoSlate's latest market report dives deep into the Bitcoin halvings, exploring its technical underpinnings, the historical context of previous halvings, and their long-term impacts on the network.

Latest Press Releases
View All

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.

Latest Alpha

In this article

TRON TRX (24h)
$0.10902 +0.22%
Vol: $346.65M MCap: $9.55B

TRON is one of the largest blockchain-based operating systems.

More about TRON

Featured Story

Advertise Here
Ad
CryptoSlate on Substack cryptoslate.substack.com
Get the latest crypto news and expert insights. Delivered to you daily.
Join 75k subscribers
 Ad