Security firm dWallet Labs reveals a validator vulnerability that could affect $1B in crypto
Blockchain security firm dWallet Labs recently disclosed a vulnerability that could affect up to $1 billion worth of crypto, with assets such as Ether (ETH), Aptos (APT), BNB (BNB), and Sui (SUI) at risk.
In a paper sent to Cointelegraph, dWallet Labs reported a potential vulnerability in validators hosted by an infrastructure provider called InfStones. According to dWallet Labs, it has launched a research paper covering attacks on blockchain networks and private keys in Web2 attacks. During this research, dWallet Labs said it found vulnerabilities in InfStones validators. It wrote:
“The chain of vulnerabilities we discovered and exploited during our research allowed us to gain full control, code and issue hundreds of validating keys on several major networks, resulting in losses of more than $1 billion in cryptocurrencies such as ETH, BNB, SUI, APT and many others.”
According to dWallet Labs, an attacker exploiting the vulnerability could gain access to the private keys of authentication across multiple blockchain networks. “More than a billion dollars in assets have been installed on all these validators, and such an attacker could have taken complete control of all of them,” the firm added.
On November 21, InfStones responded to Cointelegraph's request for comment, denying that this error could affect $1 billion in assets. InfStones representative Darko Radunovic told Cointelegraph that the vulnerability may affect only a small fraction of the already launched live nodes.
According to Radunovic, the vulnerability was discovered in 237 instances, of which 212 were reserved for testing and 25 were newly launched nodes in the production environment. “The instances described in production are less than a 0.1% fraction of the live nodes we've launched,” Radunovic said in a statement. The company published a blog post saying the vulnerability has been resolved.
Radunovic highlighted that in response to the vulnerability, the company conducted internal reviews and had an accredited security firm audit its systems and company policies. The company has launched a bug bounty program to encourage any third party to work directly on any bugs they find.