Blockchain 

Cosmos Network Discloses Critical Vulnerability in Tendermint Core

In a forum post published on Oct. 1, blockchain interoperability platform Cosmos disclosed a “high-severity security vulnerability” that was found in consensus engine Tendermint Core. According to the announcement, an update patch was released the following morning. The vulnerability reportedly affected all versions of Tendermint, on which Cosmos is built. All validators and service providers on Tendermint-powered networks are encouraged to update their software as soon as possible.

Blockchain to blockchain communication

The Cosmos platform allows individual blockchains to communicate and transact with each other. Developed by the Tendermint…

Bitcoin 

Bitcoin’s LN Developer Discloses the Network’s Vulnerability

Bitcoin’s (BTC) Lightning Network (LN) developer Rusty Russell has published the full disclosure of the network’s vulnerability discovered in August, accompanied by a solution. Russell pointed out that the vulnerability appeared while opening funding channels. The described process does not require that receivers check if a transaction is the one promised by the funder in terms of amounts and the actual scriptpubkey. Scriptpubkey is an output transaction script that requires specific conditions to be observed for a receiver to spend their Bitcoins. The file explains: “A lightning node accepting a…

Ethereum 

New Parity Update Fixes a Vulnerability Present in Some ETH Nodes

Blockchain software development firm Parity released an update for its Ethereum (ETH) node software which fixes a vulnerability present in some instances.

Remote node crashing vulnerability

In a blog post published on Aug. 29, Parity announced the release of an update for its Ethereum node software fixing the Remote Procedure Call (RPC) vulnerability. Per the announcement, nodes running Parity’s software with manually enabled public-facing RPC could be remotely crashed with a specially constructed RPC call. The team suspects that nodes with manually enabled tracing may also be vulnerable to the…

Blockchain 

Crypto PIVX Denies Vulnerability Allegations, Says Users’ Funds Are Safe

Developers of the private transactions cryptocurrency PIVX replied to crypto consulting firm Lunar Digital Assets regarding claims its blockchain was vulnerable to a bug. In a reply published on Aug. 13, PIVX developers addressed claims made by Lunar Digital Assets CEO Han Yoon. They argued that there has been no resurgence of attacks on its proof-of-stake (PoS) algorithm, and that neither PIVX nor its users’ funds are at risk. According to the post, PIVX fixed its “fake stake” exploit in February, and its network stability and chain trust are not…

Blockchain 

ShapeShift Addresses KeepKey Hardware Wallet Vulnerability Report

Cryptocurrency swaps and hardware wallet producer ShapeShift addressed recent KeepKey hardware wallet vulnerability allegations. ShapeShift responded to an alleged vulnerability submitted through its responsible disclosure program in a Medium post published on Aug. 4. Per the announcement, the firm received a vulnerability report through the program on May 1, which described what the researchers believed to be a hardware vulnerability. The purported vulnerability would allow an attacker to read what was on the wallet’s screen by monitoring power fluctuations to the display in what is known as a side-channel attack.…

Blockchain 

0x DEX Protocol Suspended Because of Vulnerability, Funds Safe

The Ethereum (ETH) smart contract of the 0x (ZRX) decentralized exchange (DEX) protocol was suspended after a vulnerability was uncovered in its code, the project’s team announced in a Medium post published on July 13. Per the announcement, third-party security researcher samczsun warned the 0x team about the vulnerability in the exchange smart contract and, after evaluating it, the team suspended the exchange’s contract and the AssetProxy contracts. The vulnerability would have allowed an attacker to fill certain orders with invalid signatures. The announcement reassures that no one has exploited…

Ethereum 

Mt. Gox Vulnerability Covered Up by Founder McCaleb, Lawsuit Alleges

The latest in the long trail of events since the 2014 shutdown of the then-largest — but now defunct — cryptocurrency exchange Mt. Gox is a lawsuit that two former traders on the exchange brought against founder Jed McCaleb. The traders, Joseph Jones and Peter Steinmetz, accuse McCaleb of fraudulently and negligently misrepresenting Mt. Gox to “induce” traders to use the exchange. The duo, who filed the lawsuit on May 19 in a court in California, allege that McCaleb was aware of “serious security risks” in the architecture of Mt. Gox back…

Bitcoin 

Komodo Hacks Itself and Saves Crypto Worth $13M After Learning of Security Vulnerability

Crypto wallet provider Komodo effectively hacked itself to prevent fraudsters from accessing its users’ funds, the company confirmed in a blog post on June 5. Security researchers had alerted the company to a vulnerability in its Agama wallet. Realizing that hackers could strike any moment, Komodo’s cybersecurity team decided to use the same exploit to move compromised crypto to safety. Explaining to users what happened, Komodo said: “We were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets, which otherwise would have been easy pickings for the…

Ethereum 

Computer Researcher Finds Wallet Vulnerability That Gave Same Key to Multiple Users

Online cryptocurrency paper wallet creator WalletGenerator.net previously ran on code that caused private key/public key pairs to be issued to multiple users. The vulnerability was described in an official blog post by security researcher Harry Denley of MyCrypto on May 24. According to the post, the bad code was in effect by August 2018, and was only recently patched out as of May 23. The live code on the website is reportedly supposed to be open source and audited on GitHub, but there were differences detected between the two. After…

Blockchain 

Tron Discloses Critical Vulnerability Which Could Have Crashed Its Blockchain

On May 2, the Tron Foundation disclosed on vulnerability disclosure platform HackerOne a now-fixed critical vulnerability which could have crashed its blockchain. The disclosure explains that with enough malicious requests, an attacker could have filled up all the available memory and effectively performed a Distributed Denial of Service attack on the TRX network by employing malicious code in a smart contract. The disclosure further explains the impact of such an attack: “Using a single machine an attacker could send DDOS attack to all or 51% of the SR node and…
