Principalele puncte cheie:
- The company found that nearly all TSS applications are vulnerable to acute recovery attacks and identified key extraction attacks in the MPC protocol.
- Verichains tested cross-chain asset management and non-custodial key infrastructure of many popular wallets, extracting full private keys without leaving a trace, and believes that over $8bn of total value locked (TVL) is at risk.
- The company is urging platforms and projects that rely on ECDSA to prioritize implementing robust security measures.
Verichains is a leading blockchain security solutions provider specializing in perimeter security, code audits, cryptanalysis, and incident investigation. Investigating threshold ECDSA security since October 2022, Verichains found that nearly all Threshold Signature Schemes (TSS) applications are vulnerable to key recovery attacks. Today, they found critical Key Extraction Attacks in TSS, the Multi-Party Computing (MPC) protocol.
Leading security firms run TSSs through multiple audits but fail to detect the security problems Verichains found. TSS is a cryptographic protocol that allows a group of parties to create a signature on a message without revealing their private keys. Blockchain technology ensures the security and availability of funds with this application. With TSS, funds are decentralized and controlled by a distributed group of signers who collaborate to authorize transactions.
Multi-Party Computing (MPC) system, in which TSS is used as a protocol, is used by many large financial and blockchain institutions to secure digital assets. These institutions include Fireblocks, Binance, Revolut, BNY Mellon, ING, Coinbase, and others. Many institutions implement MPC protocols for threshold ECDSA based on GG18, GG20, and CGGMP21 algorithms.
Over $8 Billion TVL Endangered
Verichains created proof of concept attacks on cross-chain asset management and non-custodial key infrastructure of many popular wallets in its tests. They extracted the full private key without leaving a trace in the attacks and appearing innocent to other parties. The company states that at least $8 billion worth of TVL is at risk.
Thanh Nguyen, Verichains Co-Founder and former CPU Security Leader at Intel, said, “Verichains has a strong commitment to responsible vulnerability disclosure, and we take care and considered steps when disclosing attacks, especially given the wide range of impacted projects and significant user funds at risk.”
The team is urging platforms and projects that rely on ECDSA to prioritize implementing robust security measures. They are ready to help to ensure the safety of the platforms. Notifying potential applications that could be affected by the attacks, Verichains will release details of the test attacks once the vulnerabilities are mitigated.
Founded in 2017, the company has helped investigate and fix security issues in the most prominent crypto attacks, including Ronin Bridge and BNB Bridge. In December 2022, Verichains first discovered Private Key Extraction Vulnerability in fastMPC’s Secure Multi-Party Client of Multichain.
Adnan este un entuziast cripto care este mereu cu ochii pe cele mai recente evoluții din ecosistemul cripto. Este inginer de mediu care lucrează la MBA și urmărește inovațiile în FinTech de câțiva ani. Adnan produce conținut scris pentru a revizui proiectele cripto și pentru a sprijini comunitatea cripto.
- Distribuție de conținut bazat pe SEO și PR. Amplifică-te astăzi.
- Platoblockchain. Web3 Metaverse Intelligence. Cunoștințe amplificate. Accesați Aici.
- Sursa: https://coincheckup.com/blog/verichains-reveals-critical-security-vulnerabilities-in-tss-and-mpc-protocols/
- :este
- 10
- 100
- 2017
- 2022
- 7
- a
- algoritmi
- TOATE
- permite
- mereu
- și
- aplicație
- aplicatii
- SUNT
- AS
- activ
- gestionarea activelor
- Bunuri
- At
- Atacuri
- audituri
- autor
- autoriza
- disponibilitate
- Avatar
- bazat
- BE
- consideră că
- Miliard
- binance
- blockchain
- Securitate Blockchain
- Tehnologia blocurilor
- BNB
- BNY
- BNY Mellon
- POD
- by
- pasă
- client
- Co-fondator
- cod
- audituri de cod
- coinbase
- colabora
- angajament
- comunitate
- companie
- tehnica de calcul
- concept
- luate în considerare
- conţinut
- controlată
- ar putea
- Procesor
- crea
- a creat
- critic
- Cross-Chain
- cripto
- cripto comunitate
- Ecosistemul Crypto
- proiecte crypto
- criptografic
- decembrie
- descentralizată
- descriere
- detalii
- evoluții
- digital
- Active digitale
- Dezvăluirea
- dezvăluire
- a descoperit
- distribuite
- ecosistem
- inginer
- asigura
- asigură
- entuziast
- de mediu
- mai ales
- extern
- extracţie
- ochi
- FAIL
- financiar
- FinTech
- BLOCURI DE FOC
- firme
- First
- Repara
- următor
- Pentru
- Fost
- găsit
- Complet
- Fondurile
- dat
- grup
- ajutor
- a ajutat
- highlights-uri
- http
- HTTPS
- identificat
- imagine
- afectate
- punerea în aplicare a
- Punere în aplicare a
- in
- incident
- include
- Inclusiv
- Infrastructură
- ING
- inovații
- instituții
- Intel
- investiga
- investigaţie
- probleme de
- ESTE
- jpg
- păstrare
- Cheie
- chei
- mare
- Ultimele
- cele mai recente dezvoltări
- lider
- conducere
- lăsând
- blocat
- administrare
- multe
- MBA
- măsuri
- pepene
- mesaj
- cele mai multe
- MPC
- multipartid
- multicaten
- multiplu
- aproape
- Nou
- Nguyen
- neprivativă de libertate
- sesizând
- octombrie
- of
- on
- deschide
- Altele
- Altele
- petreceri
- Platforme
- Plato
- Informații despre date Platon
- PlatoData
- Popular
- potenţial
- Prioritizarea
- privat
- cheie privată
- Cheile private
- probleme
- Proiecte
- proeminent
- dovadă
- dovada de concept
- protocol
- protocoale
- furnizorul
- gamă
- gata
- recuperare
- eliberaţi
- responsabil
- revelator
- dezvaluie
- revizuiască
- Revolut
- Risc
- robust
- RONIN
- Alerga
- Siguranţă
- Said
- scheme
- sigur
- securitate
- câteva
- semnificativ
- întrucât
- soluţii
- specializata
- Statele
- paşi
- puternic
- a sustine
- sistem
- Lua
- echipă
- Tehnologia
- test
- teste
- acea
- lor
- Acestea
- prag
- Prin
- la
- astăzi
- Total
- valoarea totală este blocată
- urmări
- Tranzacții
- TVL
- Utilizator
- fondurile utilizatorilor
- valoare
- Vulnerabilitățile
- vulnerabilitate
- vulnerabil
- Portofele
- care
- OMS
- larg
- Gamă largă
- voi
- cu
- fără
- de lucru
- valoare
- scris
- ani
- zephyrnet