The research group of dWallet Labs, a cybersecurity platform, found a zero-day vulnerability in Tron's multisig accounts, Cointelegraph reported. The flaw is believed to have enabled an attacker to break the multisignature mechanism and sign transactions with a single signature.
“0d, our superstar cybersecurity research team, discovered a vulnerability in TRON multisig accounts putting over $500 million of digital assets at risk – it was disclosed and fixed so there are no user assets at risk now,” dWallet Labs tweeted.
According to the report, multisignature wallets require multiple signers on an account to approve transactions and move funds, which in turn allows the creation of joint accounts in crypto. Each signer on the account has their own keys, and the account needs a specific entry for the approval of transactions, Cointelegraph added.
“We can bypass the multisig verification process by signing the same message with non-deterministic nonces of our choice. By doing so, we will be able to generate many valid different signatures for the same message by the same private key,” the research team explained. TRON did not comment further on the issue, Cointelegraph concluded.
(With insights from Cointelegraph)
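The research team's description suggests a verifier that counts distinct valid signatures instead of distinct signers. The sketch below is an added example, not TRON's or dWallet Labs' code: it assumes that flawed check, uses a toy Schnorr-style scheme as a stand-in for any signature with a randomized nonce, and all function names and sample values are constructed for illustration.

```python
import hashlib, secrets

# Toy Schnorr-style scheme over Z_p^* (NOT secure, illustration only). Like any
# signature with a random nonce, one key yields many valid signatures per message.
P = 2**127 - 1  # Mersenne prime
G = 3

def _challenge(r, msg):
    data = r.to_bytes(16, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (P - 1)

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    k = secrets.randbelow(P - 2) + 1  # fresh random nonce on every call
    r = pow(G, k, P)
    return r, (k + x * _challenge(r, msg)) % (P - 1)

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(y, _challenge(r, msg), P) % P

def signer_of(signers, msg, sig):
    # Index of the registered public key that validates sig, or None.
    return next((i for i, y in enumerate(signers) if verify(y, msg, sig)), None)

def approve_flawed(signers, threshold, msg, sigs):
    # Assumed flawed check: de-duplicates by signature value, so two different
    # signatures made with the same key count as two approvals.
    valid = {sig for sig in sigs if signer_of(signers, msg, sig) is not None}
    return len(valid) >= threshold

def approve_fixed(signers, threshold, msg, sigs):
    # Hardened check: each registered signer is counted at most once.
    who = {signer_of(signers, msg, sig) for sig in sigs} - {None}
    return len(who) >= threshold

if __name__ == "__main__":
    (x0, y0), (x1, y1), (_, y2) = keygen(), keygen(), keygen()
    keys, msg = [y0, y1, y2], b"constructed sample transaction"
    same_key = [sign(x0, msg), sign(x0, msg)]  # one key, two nonces
    print("flawed, one key twice:", approve_flawed(keys, 2, msg, same_key))
    print("fixed,  one key twice:", approve_fixed(keys, 2, msg, same_key))
    print("fixed,  two keys:     ", approve_fixed(keys, 2, msg, [sign(x0, msg), sign(x1, msg)]))
```
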