Blockchain security firm dWallet Labs recently revealed a vulnerability that it claims could affect up to $1 billion in cryptocurrencies, with assets such as Ether (ETH), Aptos (APT), BNB (BNB), and Sui (SUI) at risk.
In a document sent to Cointelegraph, dWallet Labs reported a possible vulnerability in validators hosted by an infrastructure provider called InfStones. According to dWallet Labs, it had begun research into attacks on blockchain networks and the collection of private keys through Web2 attacks. During this investigation, dWallet Labs said, it discovered vulnerabilities in InfStones validators. It wrote:
“A chain of vulnerabilities we discovered and exploited during our investigation allowed us to gain full control, execute code, and extract private keys from hundreds of validators across multiple major networks, which could result in direct losses equivalent to more than $1 billion in cryptocurrencies such as ETH, BNB, SUI, APT and many others.”
According to dWallet Labs, an attacker who exploits the vulnerability can acquire the private keys of validators on different blockchain networks. “Over a billion dollars in assets were staked across all of these validators, and such an attacker would have been able to gain full control of all of them,” it added.
On November 21, InfStones responded to Cointelegraph’s request for comment, denying that the bug could affect $1 billion in assets. Darko Radunovic, a representative for InfStones, told Cointelegraph that the potential vulnerability could only affect a small fraction of the active nodes it has already launched.
According to Radunovic, the potential vulnerability was discovered in 237 instances, including 212 instances designated for testing and 25 instances as newly launched nodes in the production environment. “The cases identified in production constitute a fraction of less than 0.1% of the active nodes we have launched to date,” Radunovic said in a statement. The company also published a blog post saying that the vulnerability has been resolved.
Radunovic also highlighted that, in response to the vulnerability, the company conducted internal reviews and had its systems and company policies audited by an accredited security firm. The company also launched a bug bounty program to encourage third parties to work with it directly on any bugs they may find.