Tron Network has been found to have had a vulnerability putting roughly $500M at risk. The flaw was first discovered in February and reported to the responsible team, which resolved it within a few days. Today, the research team at dWallet Labs published an article detailing how they discovered the zero-day vulnerability in Tron’s multi-signature accounts and helped get it resolved.
Security firm finds vulnerabilities in Tron Network
dWallet Labs found a bug in Justin Sun’s Tron Network that would allow an attacker to bypass the network’s multi-sig account mechanism and sign transactions with a single key alone.
The team posted an article earlier today saying that the vulnerability could affect around $500 million in assets held in the network’s multi-sig wallets. It explained that the bug could allow any single signer to defeat the multi-sig protection TRON designed, giving that signer full access to the account.
Since multi-signature accounts exist precisely so that several parties must authorize a transaction, such a vulnerability could be disastrous for the network and shouldn’t be taken lightly. The research team said:
“We can bypass the multisig verification process by signing the same message with non-deterministic nonces of our choice. By doing so, we will be able to generate many valid different signatures for the same message by the same private key.”
The team explained that the network’s check only ensured that the signatures submitted were unique, rather than checking that the signers were unique. As a result, a single signer could vote twice, which the network’s security checks would overlook, creating an exploitable condition.
The researchers explained that they reported the matter in February, and the network’s developers fixed it. Keep watching Fintech Express for updates on cyber security and other developments surrounding the fintech industry.