DWallet Labs Uncovers Potential $1 Billion Cryptocurrency Vulnerability in InfStones Systems
Summary:
Security firm dWallet Labs recently discovered a potential vulnerability in blockchain networks hosted by InfStones that could impact up to $1 billion worth of cryptocurrencies. dWallet Labs' report suggests that an attacker could gain full control of private keys across several major networks leading to significant financial losses. Although InfStones dismissed the threat level, it has conducted internal audits and launched a bug bounty program to mitigate potential risks.
Recently, a vulnerability was unveiled by blockchain security company dWallet Labs, which according to their estimates, could put up to $1 billion worth of various cryptocurrencies, including Ether (ETH), Aptos (APT), BNB (BNB), and Sui (SUI), at risk. dWallet Labs communicated this information to Cointelegraph via a report which outlined a probable weakness in validators maintained by an infrastructure provider, InfStones. The report is a result of dWallet Labs' scrutiny into Web2 attacks on blockchain networks and their attempt to accrue private keys.
In the course of their investigation, they identified exploitable flaws in InfStones validators. Their statement read that "through exploiting a series of vulnerabilities that we unearthed during our research, we could obtain complete control, execute code, and retrieve private keys belonging to several validators across different major networks." This would potentially result in massive losses, amounting to over a billion dollars, in cryptocurrency including ETH, BNB, SUI, APT among others.
According to dWallet Labs, an individual exploiting this vulnerability would have access to private keys belonging to validators operating on various blockchain networks. The experts from dWallet Labs further emphasized that with assets valued at over one billion dollars staked on these validators, an attacker could potentially gain unmitigated control over all of them.
On the subject, InfStones denied any possible risk to $1 billion worth of assets in their reply to Cointelegraph on November 21st. InfStones’ representative, Darko Radunovic, made assertions to Cointelegraph that only a minuscule fraction of the nodes already launched would be affected by this vulnerability. Radunovic cited that only 237 instances, inclusive of 212 testing cases and 25 newly launched nodes in the production environment, were identified as potential vulnerabilities. InfStones also released a blog stating that the issue was already resolved.
Amplifying on their mitigation strategies, Radunovic said that they've carried out internal reviews and invited a certified security firm to conduct audits on their systems and company protocols in response to this vulnerability. To foster more thorough scrutiny of their systems, InfStones also launched a bug bounty program encouraging third-party contributors to help them directly identify and nullify any potential security loopholes.
Published At
11/21/2023 8:38:33 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.