Connect with us


Tezos [XTZ]: Multiple Tezos Wallets found vulnerable to blind signature attacks




Multiple KYC-Tezos [XTZ] Wallets found vulnerable to blind signature attacks
Source: Unsplash

Tezos, the 24th largest cryptocurrency is well-known for its self-amending cryptographic ledger. It was recently noticed that certain wallets for Tezos have an inherent flaw that allows ‘bling signature’ attacks, commonly known as ‘bling sig’ attacks.

The post surfaced on the official subreddit of Tezos, r/tezos, it mentioned vulnerability which allowed certain wallets to be breached causing loss of user funds.

The post stated:

“All major Tezos wallets we tested except two, are vulnerable to a simple yet catastrophic attack that can lead to loss of funds (blind signature vulnerability)”

The post mentions how these ‘vulnerable’ wallets connect to the server [RPC node] without building raw transactions like every other cryptocurrency wallet. Moreover, these wallets do not check the binary before signing it, so if the RPC is compromised it would expose the clients’ transactions allowing the hackers.

The hackers could provide a malicious transaction to sign and since the binary wouldn’t be parsed, the hackers could easily siphon the users’ funds.

The post also provided the creators of the wallets a demo to test if their wallets were vulnerable to such threats.

Furthermore, the subreddit post stated:

“Cryptocurrency wallets were meant to be trustless, but most Tezos wallets are not… When you’re signing any tx with these wallets you’re trusting the server (RPC) to send you money… The RPC you rely upon could turn malicious (e.g. be hacked) at any moment in time, with no way for you to detect it.”

The post illustrates the recent attack on Electrum wallets which were more secure than Tezos’ wallet which led to a loss of assets worth $750,000.

One of the two mentioned vulnerable wallets was LibreBox and the post stated that the wallet has been fixed and cannot be ‘blind sig’ attacked.

The post suggested a few steps that could be done to secure the users’ funds, which were:

“1.Tezos users: do not sign any tx with a vulnerable wallet until the vulnerability is addressed.
2. Wallet developers: immediately start warning your users of the danger, until binary txs are parsed and checked. If you resolved the issue or if your wallet is not listed, feel free to contact us to update this post.
3. Tezos Foundation: immediately release specs for the binary tx format, and improve documentation to a more decent standard.”

Corey Soreff, a board member of Tezos Commons mentioned that the vulnerability of the wallets in question has been patched.

Subscribe to AMBCrypto’s Newsletter

Follow us on Telegram | Twitter | Facebook

Akash is your usual Mechie with an unusual interest in cryptos and day trading, ergo, a full-time writer at AMBCrypto and a part-time novice trader.


Ampleforth could help create next-gen synthetic commodities for portfolio diversification, claims Blockfyre report




Ampleforth could help create next gen synthetic commodities for diversification of portfolios claims new Blockfyre report
Source: Unsplash

Ampleforth was the first token to successfully complete an IEO on Bitfinex. This IEO caught the attention of a lot of users in the cryptospace, as the $5 million hard cap was sold out within the first 11 seconds. A new report by Blockfyre details how Ampleforth could pave the way for a new asset class for portfolio diversification in the future.

The report also highlighted a feature of Ampleforth that allows a flexible supply that adjusts to the market demand, while price simultaneously finds equilibrium. The token also aims to tackle the strong correlation that most cryptocurrencies share with Bitcoin.

Synthetic Commodity

Ampleforth project has the ability to create synthetic commodities that are disconnected when it comes to price fluctuations due to correlations, which is a common problem faced by both cryptocurrencies and traditional asset classes. Although Bitcoin was created to tackle problems that fiat currency inherently has, it still has some correlation issues.

In a world where traditional assets are widely affected by macroeconomic and global political scenarios, Ampleforth aims to create a new asset class, Synthetic Commodity, to tackle this problem.

The report stated,

“BTC as a synthetic commodity doesn’t show correlation to traditional markets such as stock stocks and bonds. Thus it reflects a potential good investment for portfolio diversification, in order to tackle macro-economic recession”

Although BTC is an uncorrelated asset, other cryptocurrencies are widely correlated to it. Ampleforth’s protocol introduces synthetic assets that “will always find a price-supply equilibrium by adjusting the price due to demand.” The report added,

“It needs to be emphasized, that these price-supply information will always be distributed amongst all token holders, so the supply of all token holders will decrease / increase. As a result, the overall cut of the total supply for each person will always remains the same.”

The report further said that if successful, Ampleforth will directly compete with Bitcoin’s $145 billion market cap and also against traditional asset market-based in fiat.

Subscribe to AMBCrypto’s Newsletter

Continue Reading