Security firm dWallet Labs flags validator vulnerability that could affect $1B in crypto

November 21, 2023 0

Validator service provider InfStones disagreed and told Cointelegraph that “nothing close to $1 billion in assets would be at risk,” even in the worst-case scenario.

Blockchain security firm dWallet Labs recently disclosed a vulnerability that they claim could affect up to $1 billion worth of crypto, with assets such as Ether (ETH), Aptos (APT), BNB (BNB) and Sui (SUI) at risk.

In a paper sent to Cointelegraph, dWallet Labs reported a potential vulnerability in validators hosted by an infrastructure provider called InfStones. According to dWallet Labs, they started a research paper on attacking blockchain networks and collecting private keys with Web2 attacks. During this research, dWallet Labs said, they discovered vulnerabilities in InfStones validators. They wrote:

“A chain of vulnerabilities we discovered and exploited during our research allowed us to gain full control, run code and extract private keys of hundreds of validators on multiple major networks, potentially leading to direct losses equivalent to over one billion dollars in cryptocurrencies such as ETH, BNB, SUI, APT and many others.” 

According to dWallet Labs, an attacker who exploits the vulnerability can acquire the private keys of validators across different blockchain networks. “Over one billion dollars of staked assets were staked on all of these validators, and such an attacker would have been able to gain full control of all of them,” they added. 

Related: Exploits, hacks and scams stole almost $1B in 2023: Report

On Nov. 21, InfStones responded to Cointelegraph’s request for comment, denying that the bug could affect $1 billion in assets. Darko Radunovic, a representative from InfStones, told Cointelegraph that the potential vulnerability could only affect a small fraction of the live nodes they’ve already launched.

According to Radunovic, the potential vulnerability was discovered in 237 instances, including 212 cases designated for testing and 25 instances as freshly launched nodes in the production environment. “The instances identified in production constitute a fraction below 0.1% of the live nodes we have launched to date,” Radunovic said in a statement. The company also published a blog post saying the vulnerability was resolved.

Radunovic also highlighted that in response to the vulnerability, they’ve done internal reviews and had an accredited security firm audit their systems and company policies. The company also launched a bug bounty program to encourage any third party to work with them directly on any bugs they may find. 

Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story

More Stories

Mobile Slot Machines Reimagined with Simplified Interfaces

Juli 5, 2024 0

IRS Is Getting Intense With The Crypto Hide and Seek Game

Juli 4, 2024 0

Blockchain Technology: Ensuring Security and Transparency in Online Betting

Juli 3, 2024 0

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

You may have missed

Crypto remittances in Venezuela surge as economic situation worsens

Juli 6, 2024

Web3 users hit 10M in Q2, MetaMask to enhance security: Finance Redefined

Juli 6, 2024

United Kingdom High Court freezes Craig Wright’s assets

Juli 6, 2024

NFTs and blockchain bridge Ethiopia’s past and present in new art exhibition

Juli 6, 2024

7 Events That Could Shift the Crypto Market Landscape in an Instant

Juli 6, 2024 0

Subscribe To The Latest Crypto News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.