Hacks into crypto exchanges target open-source libraries and take advantage of inside jobs researchers said.
889 Total views
18 Total shares Researchers at the Black Hat security conference revealed that crypto exchanges might be vulnerable to hackers.Although crypto exchanges have high privacy and security to protect their funds, researchers still found three ways hackers can attack these crypto exchanges, according to Wired on August 9.The crypto exchange attacks were operating more like “an old-timey bank vault with six keys that all have to turn at the same time,” the report said.Cryptocurrency private keys were broken into smaller pieces.It means an attacker has to find them together before stealing funds.Aumasson, a cryptographer, and Omer Shlomovits, cofounder of the key-management firm KZen Networks broke down the attacks into three categories: an insider attack, an attack exploiting the relationship between an exchange and a customer, and an extraction of portions of secret keys.An Insider’s job, open-source library flaws and trusted parties verification An insider or other financial institution exploiting a vulnerability in an open-source library produced by a cryptocurrency exchange is the first way where hackers can attack the exchange, says the report.
It explained that: “In the vulnerable library, the refresh mechanism allowed one of the key holders to initiate a refresh and then manipulate the process so some components of the key actually changed and others stayed the same.While you couldn’t merge chunks of an old and new key, an attacker could essentially cause a denial of service, permanently locking the exchange out of its own funds.” An attacker could also leverage another unnamed key management from an open-source library flaw in the key rotation process.The attacker can then manipulate the relationship between an exchange and its customers with false validation statements.
Those with malicious motivations can slowly figure out the private keys from exchange users over multiple key refreshes.Then a rogue exchange can start the stealing process, according to the report.The last way researchers said attacks could occur is when crypto exchange trusted parties derive their portions of the key.Each party reportedly generates a couple of random numbers for public verification.
Researchers pointed out that Binance, for instance, didn’t check these random values and had to fix the issue back in March.The report added that: “A malicious party in the key generation could send specially constructed messages to everyone else that would essentially choose and assign all of these values, allowing the attacker to later use this unvalidated information to extract everyone’s portion of the secret key.” Shlomovits and Aumasson told the news that the goal of the research was to call attention to how easy it is to make mistakes while implementing multi-party distributed keys for cryptocurrency exchanges.
Specifically, these mistakes can be even more vulnerable in open-source libraries.
As Cointelegraph reported before, CryptoCore launched a phishing campaign against several crypto exchanges and managed to steal $200 million in two years.Share this: Crypto Exchange Bittrex International to Host Its First Public ‘Initial Exchange Offering’ Crypto exchange Bittrex is hosting its first token sale — dubbed an Initial Exchange Offering (IEO) — on Bittrex International, its Malta-based digital asset trading platform.The news was announced in an official press release published on March 11.Bittrex International, which operates within an EU and Maltese crypto regulatory framework, will officially start the IEO on… New Crypto Backed by Gold and Silver Can Now Be Used to Buy Tickets to Sport Events An “evolutionary” monetary system that uses physical gold and silver as the basis for digital currencies has unveiled a series of partnerships as it works to increase participation in its platform and gain support from governments.Kinesis argues that backing cryptocurrencies with precious metals help to reduce the “severe price volatility” which have historically made them… Binance Says Leveraged FTX Removal Comes After Confused Users Hodled Tokens Binance blamed customer confusion for its FTX leveraged token delisting, explaining that users held the tokens instead of trading them, which was the originally intended use case.“The leveraged tokens are not designed for long term holding, which is what we noticed users were doing,” a Binance representative told Cointelegraph in an email.“The tokens will… Ripple Transfers 1 Billion XRP Tokens From Escrow Wallet and Back Again Whale Alert, the ever-vigilant live tracker for cryptocurrency transactions, noted that Ripple transferred a total of 1 billion XRP tokens from its escrow wallet on Dec.2.The blockchain-based payments firm moved the massive amount of tokens in two separate transactions, worth around $219 million in total as of press time.
Interestingly, the company transferred the… Reports: Bitmain Allegedly Fires All BCH Developers in Wave of Redundancies Cryptocurrency mining giant Bitmain has reportedly fired its entire staff of Bitcoin Cash (BCH) developers, Blockstream CSO Samson Mow reported, citing Chinese social media sources on Dec.23.The second in what appears to be a phase of staff losses for Bitmain, around 50 workers are reportedly set to go this week.The messages follow reports on… DeversiFi 2.0 DEx Integrates Starkware to Enable 9K+ Trades Per Second The DeversiFi decentralized exchange has integrated Starkware’s zkStark layer-2 scaling technology into its 2.0 incarnation, bringing high-speed trading, instant settlement and withdrawal certainty.2032 Total views 37 Total shares The DeversiFi decentralized exchange, or DEX, relaunched as DeversiFi 2.0 on June 3, incorporating Starkware’s zkSTARK layer-2 scaling technology.This new platform will be able to… Michigan House of Representatives Votes to Include Cryptocurrencies in Criminal Laws The Michigan House of Representatives has passed a bill, HB 4102, on April 9 that would include cryptocurrencies in criminal codes regarding illegal actions for financial gain.Michigan lawmakers have voted to introduce amendments to various sections of the Michigan Penal Code, specifying that cryptocurrency would be included in provisions relating to money laundering, embezzlement, credit… First Blockchain Association in Mexico Established The first blockchain association in Mexico has formed, its founding members including industry players like blockchain software firm ConsenSys, Forbes Mexico reported Nov.28.The Blockchain Association of Mexico was established companies Bitso, Volabit, BIVA, GBM, Lvna Capital, ConsenSys and Exponent Capital.The organization’s objective is to educate citizens in the technology’s deployment and its potential… 100% of Chainlink Addresses Are Currently in Profit Chainlink’s bull run has created an abnormal situation where its entire supply is currently profitable according to an intelligence firm IntoTheBlock.The recent Chainlink (LINK) rally has led to some unconventional results — 100% of its supply is “in the money” or profitable.This metric simply represents a comparison between the asset’s current price and the… Leave a Reply You must be logged in to post a comment.
Search.