A critical zero-day vulnerability within the multisignature (multisig) mechanism of the Tron (TRX) network has been uncovered by dWallet Labs, a prominent cybersecurity research team, according to their recent blog post. This vulnerability reportedly affects over $500 million worth of digital assets held within TRON multisig accounts. The discovery has far-reaching implications for the Tron network’s overall security and raises questions about its reliability.
The vulnerability was first reported to Tron via a bounty program back in February, and Tron acknowledged its severity and took action to mitigate it. Within days, the organization developed and deployed a patch to ensure the vulnerability wouldn’t be exploited. dWallet Labs received a bounty reward from Tron for this discovery, although the amount remains undisclosed.
The vulnerability revolves around the verification process for multisig transactions on the TRON network, says dWallet. The flaw allows for the generation of multiple valid signatures for the same message using the same private key, thereby bypassing security measures. By exploiting this vulnerability, attackers can perform unauthorized transactions in multisig wallets.
Launched in September 2017, Tron is a Proof-of-Stake (PoS) network secured by its native TRX token. Data from DefiLlama reveals that it ranks second after Ethereum in terms of total value locked (TVL) and stablecoin circulation. Furthermore, TRX’s total market capitalization stands at $6.76 billion, placing it among the top 10 cryptocurrencies, as per CoinGecko.
While TRX has been trading higher since the beginning of the year, with a 37% increase from $0.055 on January 1 to $0.075 more recently, the discovery of such a critical vulnerability may cast doubt on the network’s security and reliability. However, Tron’s prompt action to resolve the issue and deploy a patch is a positive sign.
In conclusion, while the Tron network seemingly contained the discovered vulnerability, it cannot be overlooked when evaluating the overall security
Source: Cryptonews