
A Critical Flaw Was Exposed, And Resolved, At Tron: How $500M Was Almost Wiped Out

Author: Murtuza Merchant | May 31, 2023 11:59am

There was a serious security flaw in the TRON (CRYPTO: TRON) blockchain network, according to dWallet Labs' cybersecurity research team, 0d.

The issue, reported on Feb. 19, has since been resolved.

What Happened: The vulnerability could have bypassed the multisig security protocols of TRON. As a result, more than $500 million in digital assets held in TRON multisig accounts were threatened.


Why It Matters: TRON is a significant player in the global blockchain arena. It boasts over 144 million users and ranks second to Ethereum (CRYPTO: ETH) in terms of Total Value Locked (TVL) and stablecoin circulation.

The blockchain network utilizes multisig or Multi-Party Computation (MPC) for creating joint accounts.

In this setup, a threshold of signers is required to approve a transaction, effectively providing enhanced security.

The recently discovered vulnerability exploited an assumption in TRON's multisig transaction verification process: that there cannot be two different valid signatures for the same message by the same individual. This was proven false in light of TRON's ECDSA signature scheme.

This flaw could allow the generation of multiple valid signatures for the same message using the same private key.

0d Suggests Two Attack Scenarios

  1. An attacker with at least one weight permission could execute transactions in every multisig wallet, regardless of the threshold.
  2. An attacker could exploit a transaction partially signed by someone with permissions, but without reaching the threshold.

The vulnerability has been addressed by TRON after the report from 0d.

The solution was simple: Checking the signed address against the list of addresses instead of matching the signature against the list of signatures.

This fix effectively secures the TRON blockchain network, protecting the assets of its vast user base.

Meanwhile, a TRON representative told The Block that they indeed received a bug report from HackerOne. The team sprang into action to rectify the issue and implemented the needed fixes to prevent any possible exploitation of the vulnerability.

The detected problem has been successfully dealt with, thus reinstating the security of the system.
