Connect with us

Altcoins

Tezos [XTZ]: Multiple Tezos Wallets found vulnerable to blind signature attacks

Avatar

Published

on

Multiple KYC-Tezos [XTZ] Wallets found vulnerable to blind signature attacks
Source: Unsplash

Tezos, the 24th largest cryptocurrency is well-known for its self-amending cryptographic ledger. It was recently noticed that certain wallets for Tezos have an inherent flaw that allows ‘bling signature’ attacks, commonly known as ‘bling sig’ attacks.

The post surfaced on the official subreddit of Tezos, r/tezos, it mentioned vulnerability which allowed certain wallets to be breached causing loss of user funds.

The post stated:

“All major Tezos wallets we tested except two, are vulnerable to a simple yet catastrophic attack that can lead to loss of funds (blind signature vulnerability)”

The post mentions how these ‘vulnerable’ wallets connect to the server [RPC node] without building raw transactions like every other cryptocurrency wallet. Moreover, these wallets do not check the binary before signing it, so if the RPC is compromised it would expose the clients’ transactions allowing the hackers.

The hackers could provide a malicious transaction to sign and since the binary wouldn’t be parsed, the hackers could easily siphon the users’ funds.

The post also provided the creators of the wallets a demo to test if their wallets were vulnerable to such threats.

Furthermore, the subreddit post stated:

“Cryptocurrency wallets were meant to be trustless, but most Tezos wallets are not… When you’re signing any tx with these wallets you’re trusting the server (RPC) to send you money… The RPC you rely upon could turn malicious (e.g. be hacked) at any moment in time, with no way for you to detect it.”

The post illustrates the recent attack on Electrum wallets which were more secure than Tezos’ wallet which led to a loss of assets worth $750,000.

One of the two mentioned vulnerable wallets was LibreBox and the post stated that the wallet has been fixed and cannot be ‘blind sig’ attacked.



The post suggested a few steps that could be done to secure the users’ funds, which were:

“1.Tezos users: do not sign any tx with a vulnerable wallet until the vulnerability is addressed.
2. Wallet developers: immediately start warning your users of the danger, until binary txs are parsed and checked. If you resolved the issue or if your wallet is not listed, feel free to contact us to update this post.
3. Tezos Foundation: immediately release specs for the binary tx format, and improve documentation to a more decent standard.”

Corey Soreff, a board member of Tezos Commons mentioned that the vulnerability of the wallets in question has been patched.





Subscribe to AMBCrypto’s Newsletter




Follow us on Telegram | Twitter | Facebook



Akash is your usual Mechie with an unusual interest in cryptos and day trading, ergo, a full-time journalist at AMBCrypto. Holds XRP due to peer pressure but otherwise found day trading with what little capital that he owns.

Altcoins

Bitcoin SV [BSV] gets hit with another reorg as multiple blocks get orphaned, including a 128 MB block

Akash Anand

Published

on

Bitcoin SV [BSV] gets hit with another reorg as multiple blocks get orphaned, including a 128 MB block
Source: Pixabay

Bitcoin SV [BSV] and its proponents have been making headlines over the past couple of weeks, either due to developments or because of comments made by its major proponents, Craig Wright, the chief scientist at nChain, and Calvin Ayre.

The network was also hit with several members of the cryptocurrency community alleging that the cryptocurrency itself is a sham without any use cases, as evidenced by its delisting on several popular cryptocurrency exchanges like Binance, Kraken and Shapeshift.

The latest news added salt to BSV’s wounds after it was revealed that the network went through another blockchain reorganization on a 128 MB block. This fact was pointed out by Nikita Zhavoronkov, the lead developer of Blockchair, who had tweeted:

“Whoops! $BSV has experienced yet another reorg, this time 6 (six!) consecutive blocks were orphaned (#578640–578645), this chain included a 128 MB block #578644 🤦‍♂️ The network was basically stuck for 1.5 hours, and this shows that even 6 confirmations are not enough.”

Orphaned blocks are valid blocks which are not part of the main chain. There are ways that they can occur naturally when two miners produce blocks at similar times or they can be a result of an attacker with enough hashing power using it for nefarious activities like reversing transactions.

A major reason why this reorg event made news was that a major 128 MB block was stuck in transaction, something that was not supposed to occur according to the initial claims made by the SV camp. Supporters of the cryptocurrency, however, have stated that despite being slower than promised, the transactions on the block settled faster than that on a Bitcoin Core block.



One supporter of BSV, mboyd1, tweeted:

“Orphaned blocks are a feature, not a bug”

To this tweet, Zyo, another cryptocurrency enthusiast replied:

“yes, but orphaning 6 blocks in a row is not good, that means that 6 confirmations is not safe. It’s a bug because the 100+ MB take way too long to propagate and validate. There is a reason why BCH doesn’t have [yet] 100+ MB blocks.”





Subscribe to AMBCrypto’s Newsletter


Continue Reading

Trending