Cryptocurrency exchanges might be vulnerable to hackers, researchers stated at the Black Hat security conference. Their transactions do have strong privacy and security protections for their funds. Despite that, the researchers found three ways hackers can attack such exchanges.
According to the report, the crypto exchange attacks operated like an old-fashioned bank vault with six keys that all have to turn simultaneously. Hackers broke private crypto keys into smaller pieces. However, that means an attacker has to find them all before stealing funds.
Omer Shlomovits, cofounder of the key-management firm KZen Networks, and Aumasson, a cryptographer, divided the attacks into three categories: an insider attack, an extraction of portions of secret keys, and an attack exploiting the relationship between an exchange and a customer.
An insider or other financial institution exploiting a vulnerability in an open-source library produced by a crypto exchange is a soft spot. Hackers attack there first, the researchers said. They explained that, in the vulnerable library, the refresh mechanism allowed one of the key holders to initiate a refresh and then manipulate the process so that some components of the key changed while others stayed the same.
You can’t merge chunks of an old and new key. However, an attacker could cause a denial of service, which would permanently lock the exchange out of its own funds.
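The lockout described above can be reproduced with a toy additive secret-sharing scheme. The following is an added example, not code from the researchers or from the affected library; the parameters `P`, `Q`, `G` and all function names are assumptions, and the rollback in `safe_refresh` is one possible safeguard rather than the fix the vendors applied.

```python
import secrets

# Constructed toy parameters (assumptions, far too small for real keys).
P = 2**127 - 1      # prime modulus of the group
Q = P - 1           # shares are added modulo the group exponent
G = 3

def split(secret, n):
    """Additive n-of-n sharing: the shares sum to the secret mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    return shares + [(secret - sum(shares)) % Q]

def zero_sharing(n):
    """Refresh deltas that sum to 0 mod Q, so the key itself never changes."""
    deltas = [secrets.randbelow(Q) for _ in range(n - 1)]
    return deltas + [(-sum(deltas)) % Q]

def apply_refresh(shares, deltas, skipped=()):
    """Each party adds its delta; parties in `skipped` keep their old share."""
    return [s if i in skipped else (s + d) % Q
            for i, (s, d) in enumerate(zip(shares, deltas))]

def consistent(shares, public_key):
    """Check a share set against the public key without rebuilding the secret.
    A real protocol would compare published G^share_i values, not raw shares."""
    acc = 1
    for s in shares:
        acc = acc * pow(G, s, P) % P
    return acc == public_key

def safe_refresh(shares, deltas, public_key, skipped=()):
    """Commit the new shares only if they still match the public key;
    otherwise keep the old set so the funds stay reachable."""
    candidate = apply_refresh(shares, deltas, skipped)
    return candidate if consistent(candidate, public_key) else shares

if __name__ == "__main__":
    secret = secrets.randbelow(Q)
    pub = pow(G, secret, P)
    old, deltas = split(secret, 3), zero_sharing(3)
    print("full refresh consistent:", consistent(apply_refresh(old, deltas), pub))
    print("partial refresh consistent:", consistent(apply_refresh(old, deltas, {1}), pub))
    print("rollback kept old shares:", safe_refresh(old, deltas, pub, {1}) == old)
```

A share set in which one party skipped the refresh no longer matches the public key, which is why discarding the old shares before this check passes would leave the funds unreachable.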
A hacker could leverage another flaw, in an unnamed open-source key-management library, during the key rotation process. After that, the attacker could manipulate the relationship between an exchange and its customers with false validation statements. Scammers could slowly figure out the private keys of exchange users over multiple key refreshes. Afterward, a rogue exchange can start the stealing process.
The third way in which attacks could occur is when a crypto exchange's trusted parties derive their portions of the key. During that process, each party reportedly generates a couple of random numbers for public verification. As the researchers pointed out, some platforms don't check these random values.
According to Shlomovits and Aumasson, the goal of the research was to call attention to how easy it is to make mistakes while implementing multi-party distributed keys for crypto exchanges.