Blockchain News

Critical Zero-Day Vulnerability in TRON Blockchain Put $500 Million at Risk

Security researchers recently uncovered a critical zero-day vulnerability in the TRON blockchain, potentially jeopardizing $500 million worth of cryptocurrencies. The flaw allowed unauthorized access to multi-sig accounts, enabling a single signer to exploit the vulnerability and gain control over the funds. This article delves into the nature of the vulnerability, the impact it had on TRON’s security, and the steps taken to address the issue.

The Vulnerability:

TRON’s multi-sig accounts, which require multiple signatures for transaction execution, suffered from a verification oversight. The flaw allowed any signer associated with a mult-isig account to unilaterally access the funds without requiring the remaining signatures. Researchers from the 0d research team at dWallet labs discovered that by signing the same message with non-deterministic nonces, a single signer could generate multiple valid signatures, bypassing the multi-sig verification process entirely.

The Solution:

The researchers proposed a simple yet effective solution to rectify the vulnerability. Instead of solely relying on a list of signatures, TRON’s verification process now cross-references signatures against a list of addresses. This additional check ensures that all necessary information is properly verified, enhancing the security of multi-sig accounts within the TRON blockchain.

Reporting and Patching:

The 0d research team responsibly disclosed the vulnerability to TRON through the platform’s bug bounty program on February 19. TRON promptly patched the vulnerability within a matter of days, demonstrating its commitment to maintaining a robust and secure blockchain infrastructure. The researchers also clarified that the majority of TRON validators have implemented the necessary patches to address the vulnerability, minimizing the risk to user assets.

While the recent disclosure of a zero-day vulnerability in the TRON blockchain raised concerns about the security of multi-sig accounts, the issue has been effectively resolved. Thanks to the timely efforts of the 0d research team and TRON’s swift response, the vulnerability has been patched, and there are no longer any user assets at risk. TRON’s commitment to maintaining a secure ecosystem is commendable, and its proactive approach to addressing vulnerabilities demonstrates its dedication to protecting the investments and assets of its users.

Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.