Security firm dWallet Labs flags validator vulnerability that could affect $1B in crypto


Blockchain security company dWallet Labs recently revealed a vulnerability that it claims could affect up to $1 billion in cryptocurrencies, with assets like Ether (ETH), Aptos (APT), BNB (BNB) and Sui (SUI) at risk.

In a document sent to Cointelegraph, dWallet Labs reported a possible vulnerability in validators hosted by an infrastructure provider called InfStones. According to dWallet Labs, it had started research into how blockchain networks could be attacked and private keys collected using Web2 attacks. During this investigation, dWallet Labs said, it discovered vulnerabilities in InfStones validators. They wrote:

"A chain of vulnerabilities we discovered and exploited during our investigation allowed us to gain full control, execute code, and extract private keys from hundreds of validators across multiple major networks, which could result in direct losses equivalent to more than $1 billion in cryptocurrencies such as ETH, BNB, SUI, APT and many others."

According to dWallet Labs, an attacker who exploits the vulnerability can acquire the private keys of validators on different blockchain networks. "Over $1 billion in assets were staked across all of these validators, and such an attacker would have been able to gain full control of all of them," they added.


On November 21, InfStones responded to Cointelegraph's request for comment, denying that the bug could affect $1 billion in assets. Darko Radunovic, a representative of InfStones, told Cointelegraph that the potential vulnerability could only affect a small fraction of the active nodes they have already launched.

According to Radunovic, the potential vulnerability was discovered in 237 instances, including 212 instances designated for testing and 25 instances as newly launched nodes in the production environment. "The cases identified in production constitute a fraction of less than 0.1% of the active nodes we have launched to date," Radunovic said in a statement. The company also published a blog post saying the vulnerability has been resolved.

Radunovic also highlighted that in response to the vulnerability, they conducted internal reviews and had their systems and company policies audited by an accredited security company. The company also launched a bug bounty program to encourage third parties to work with them directly on any bugs they may find.
