Security firm dWallet Labs reports validator vulnerability that could affect $1 billion in crypto
Blockchain security company dWallet Labs recently revealed a vulnerability that it says could affect up to $1 billion in crypto, with assets including Ether (ETH), Aptos (APT), BNB (BNB), and Sui (SUI) in danger.
In a post sent to Cointelegraph, dWallet Labs reported a potential vulnerability in validators hosted by an infrastructure provider called InfStones. According to dWallet Labs, they launched a research paper on attacking blockchain networks and collecting private keys with Web2 attacks. During this research, dWallet Labs said, they discovered vulnerabilities in InfStones validators. They wrote:
“A chain of vulnerabilities that we discovered and exploited during our research allowed us to gain full control, execute code, and extract the private keys of hundreds of validators across multiple major networks, potentially leading to direct losses equivalent to over a billion dollars in cryptocurrencies such as ETH, BNB, SUI, APT and many others.”
According to dWallet Labs, an attacker who exploits this vulnerability can acquire the private keys of validators on different blockchain networks. “More than $1 billion in assets were staked across all of these validators, and such an attacker could have taken full control of all of them,” they added.
On November 21, InfStones responded to Cointelegraph’s request for comment, denying that the bug could affect $1 billion in assets. Darko Radunovic, an InfStones representative, told Cointelegraph that the potential vulnerability could only affect a small fraction of active nodes already launched.
According to Radunovic, the potential vulnerability was discovered in 237 instances, including 212 cases designated for testing and 25 instances as freshly launched nodes in the production environment. “Instances identified in production constitute a fraction of less than 0.1% of the active nodes we have launched to date,” Radunovic said in a statement. The company also published a blog post stating that the vulnerability had been fixed.
Radunovic also highlighted that in response to the vulnerability, they conducted internal reviews and had an accredited security company audit their systems and company policies. The company also launched a bug bounty program to encourage any third parties to work directly with them on any bugs they might find.