Blockchain security firm dWallet Labs recently disclosed a vulnerability that they claim could affect up to $1 billion worth of cryptocurrencies, with assets such as Ether (ETH), Aptos (APT), BNB (BNB), and Sui (SUI) At risk.
In a paper sent to Cointelegraph, dWallet Labs reported a potential vulnerability in a validator hosted by infrastructure provider InfStones. According to dWallet Labs, they have begun a research paper on attacking blockchain networks and collecting private keys through Web2 attacks. dWallet Labs said that during this research, they discovered a vulnerability in the InfStones validator. They write:
“A series of vulnerabilities discovered and exploited during our research allowed us to fully control, run code, and extract the private keys of hundreds of validators across multiple major networks, potentially resulting in the equivalent of over $1 billion in cryptocurrency.” For example, direct losses of ETH), BNB, SUI, APT, etc.”
According to dWallet Labs, an attacker who exploited the vulnerability could obtain the private keys of validators across different blockchain networks. “With over $1 billion in collateral assets being staked on all of these validators, such an attacker would be able to take full control of all of them,” they added.
related: Exploits, hacks and scams stole nearly $1 billion in 2023, report says
On November 21, InfStones responded to Cointelegraph’s request for comment, denying that the vulnerability could affect $1 billion in assets. InfStones representative Darko Radunovic told Cointelegraph that the potential vulnerability would only affect a small portion of the active nodes they have launched.
According to Radunovic, the potential vulnerability was discovered in 237 instances, 212 of which were designated for testing and 25 as newly launched nodes in the production environment. “The instances found in production represent less than 0.1% of the active nodes we have launched to date,” Radunovic said in a statement. The company also publish A blog post states that the vulnerability has been resolved.
Radunovich also stressed that in response to the breach, they had conducted an internal review and had an accredited security company review their systems and company policies. The company has also launched a bug bounty program, encouraging any third parties to work directly with them to resolve any bugs they may find.
Magazine: $3.4B worth of Bitcoin in popcorn jars: The story of the Silk Road hacker
Svlook
