$500M Vulnerability Found in Tron Multisig Accounts by Security Firm

Last Updated on May 30, 2023 by Bitfinsider

Tron multisig accounts have a zero-day vulnerability that allows an attacker to sidestep the multisignature system and sign transactions with a single signature, according to a report by dWallet Labs.

In a technical breakdown report, the research team estimated that the flaw might have affected $500 million in funds held in Tron multisig accounts, because it enables anyone to “completely overcome the multisig security offered by TRON.”

Multisignature wallets enable the formation of joint cryptocurrency accounts by requiring several signers, as the name implies, to authorize transactions and transfer funds. Each signer on the account has their own set of keys, and the account has transaction approval requirements.

The research team claims that Tron’s multisig vulnerability lets a single signer create several valid signatures for the same message. They said: “We can bypass the multisig verification process by signing the same message with non-deterministic nonces of our choice. By doing so, we will be able to generate many valid different signatures for the same message by the same private key.”

The cybersecurity team claims that rather than verifying the uniqueness of the signers, Tron makes sure that each signature is distinct. As a result, signatories may “double vote” or sign twice. The solution, according to dWallet Labs CEO Omer Sadika, is straightforward: validate the address rather than the quantity of signatures.

The issue was reported to Tron in February and resolved a few days later, according to the researchers.
