Tezos, the 24th largest cryptocurrency, is well known for its self-amending cryptographic ledger. It was recently noticed that certain wallets for Tezos have an inherent flaw that allows ‘blind signature’ attacks, commonly known as ‘blind sig’ attacks.
A post on the official Tezos subreddit, r/tezos, described a vulnerability that allowed certain wallets to be breached, causing loss of user funds.
The post stated:
“All major Tezos wallets we tested except two, are vulnerable to a simple yet catastrophic attack that can lead to loss of funds (blind signature vulnerability)”
The post mentions how these ‘vulnerable’ wallets connect to the server [RPC node] instead of building raw transactions themselves, as every other cryptocurrency wallet does. Moreover, these wallets do not check the binary before signing it, so a compromised RPC would expose the clients’ transactions to the hackers.
The hackers could provide a malicious transaction to sign, and since the binary wouldn’t be parsed, they could easily siphon the users’ funds.
The post also provided the creators of the wallets a demo to test if their wallets were vulnerable to such threats.
Furthermore, the subreddit post stated:
“Cryptocurrency wallets were meant to be trustless, but most Tezos wallets are not… When you’re signing any tx with these wallets you’re trusting the server (RPC) to send you money… The RPC you rely upon could turn malicious (e.g. be hacked) at any moment in time, with no way for you to detect it.”
The post points to the recent attack on Electrum wallets as an illustration: those wallets were more secure than Tezos’ wallets, yet the attack led to a loss of assets worth $750,000.
One of the two mentioned vulnerable wallets was LibreBox, and the post stated that the wallet has been fixed and cannot be ‘blind sig’ attacked.
The post suggested a few steps that could be taken to secure the users’ funds, which were:
“1. Tezos users: do not sign any tx with a vulnerable wallet until the vulnerability is addressed.
2. Wallet developers: immediately start warning your users of the danger, until binary txs are parsed and checked. If you resolved the issue or if your wallet is not listed, feel free to contact us to update this post.
3. Tezos Foundation: immediately release specs for the binary tx format, and improve documentation to a more decent standard.”
Corey Soreff, a board member of Tezos Commons, mentioned that the vulnerability of the wallets in question has been patched.
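The post's advice to wallet developers is to parse and check the binary transaction before signing it. The sketch below shows that check; it is an added illustration, not code from the post or from any Tezos wallet. The byte layout, field names, function names and sample values are constructed for the example and are not the Tezos binary format.

```python
import struct

# Constructed toy encoding for illustration only; NOT the Tezos binary format:
# tag (1 byte, 0x01 = transfer) | amount (u64 BE) | fee (u64 BE) | dest length (1 byte) | dest (ASCII)
TRANSFER_TAG = 0x01
HEADER = struct.Struct(">BQQB")

def encode_transfer(dest, amount, fee):
    """Stand-in for the bytes a remote node hands back for the wallet to sign."""
    d = dest.encode("ascii")
    return HEADER.pack(TRANSFER_TAG, amount, fee, len(d)) + d

def parse_transfer(raw):
    """Strictly decode the bytes; reject anything the wallet cannot fully account for."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated operation")
    tag, amount, fee, dlen = HEADER.unpack_from(raw)
    if tag != TRANSFER_TAG:
        raise ValueError("unexpected operation tag")
    dest = raw[HEADER.size:]
    if len(dest) != dlen:
        raise ValueError("length mismatch or trailing bytes")
    return {"dest": dest.decode("ascii"), "amount": amount, "fee": fee}

def safe_to_sign(raw, intent):
    """Return (ok, reason); ok only if the bytes encode exactly what the user approved."""
    try:
        parsed = parse_transfer(raw)
    except ValueError as exc:  # also covers UnicodeDecodeError
        return False, f"unparseable: {exc}"
    for field in ("dest", "amount", "fee"):
        if parsed[field] != intent[field]:
            return False, f"{field} differs from what the user approved"
    return True, "matches user intent"

if __name__ == "__main__":
    # Constructed sample values: what the user approved in the wallet UI.
    intent = {"dest": "alice-constructed", "amount": 5, "fee": 1}
    honest = encode_transfer("alice-constructed", 5, 1)
    altered = encode_transfer("other-constructed", 5000, 1)
    print(safe_to_sign(honest, intent))   # bytes match the approved transfer
    print(safe_to_sign(altered, intent))  # bytes from the node differ: refuse to sign
```

A wallet that signs only when `safe_to_sign` returns true no longer depends on the RPC node being honest about what the bytes contain.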