Blockchain 

0x DEX Protocol Suspended Because of Vulnerability, Funds Safe

The Ethereum (ETH) smart contract of the 0x (ZRX) decentralized exchange (DEX) protocol has been suspended after a vulnerability was uncovered in its code, the project’s team announced in a Medium post published on July 13. Per the announcement, third-party security researcher samczsun warned the 0x team about the vulnerability in the exchange smart contract and, after evaluating it, the team suspended the exchange’s contract and the AssetProxy contracts. The vulnerability would have allowed an attacker to fill certain orders with invalid signatures. The announcement reassures that no one has exploited…

Ethereum 

Mt. Gox Vulnerability Covered Up by Founder McCaleb, Lawsuit Alleges

The latest in the long trail of events since the 2014 shutdown of the then-largest — but now defunct — cryptocurrency exchange Mt. Gox is a lawsuit that two former traders on the exchange brought against founder Jed McCaleb. The traders, Joseph Jones and Peter Steinmetz, accuse McCaleb of fraudulently and negligently misrepresenting Mt. Gox to “induce” traders to use the exchange. The duo, who filed the lawsuit on May 19 in a court in California, allege that McCaleb was aware of “serious security risks” in the architecture of Mt. Gox back…

Bitcoin 

Komodo Hacks Itself and Saves Crypto Worth $13M After Learning of Security Vulnerability

Crypto wallet provider Komodo effectively hacked itself to prevent fraudsters from accessing its users’ funds, the company confirmed in a blog post on June 5. Security researchers had alerted the company to a vulnerability in its Agama wallet. Realizing that hackers could strike any moment, Komodo’s cybersecurity team decided to use the same exploit to move compromised crypto to safety. Explaining to users what happened, Komodo said: “We were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets, which otherwise would have been easy pickings for the…

Ethereum 

Computer Researcher Finds Wallet Vulnerability That Gave Same Key to Multiple Users

Online cryptocurrency paper wallet creator WalletGenerator.net previously ran on code that caused private key/public key pairs to be issued to multiple users. The vulnerability was described in an official blog post by security researcher Harry Denley of MyCrypto on May 24. According to the post, the bad code was in effect by August 2018, and was only recently patched out as of May 23. The live code on the website is reportedly supposed to be open source and audited on GitHub, but differences were detected between the two. After…

Blockchain 

Tron Discloses Critical Vulnerability Which Could Have Crashed Its Blockchain

The Tron Foundation disclosed a fixed critical vulnerability which could have crashed its blockchain on vulnerability disclosure platform HackerOne on May 2. The disclosure explains that with enough malicious requests, an attacker could have filled up all the available memory and effectively performed a Distributed Denial of Service attack on the TRX network by employing malicious code in a smart contract. The disclosure further explains the impact of such an attack: “Using a single machine an attacker could send DDOS attack to all or 51% of the SR node and…

Blockchain 

Coinomi Wallet Addresses Vulnerability Concerns

Coinomi Wallet denied recent claims that its software sends wallet recovery seed phrases to Google’s remote spell checker servers in plain (unencrypted) text. The company refuted the claims in an official statement published on Feb. 27. In the statement, Coinomi claims that, unlike what was reported, the seed phrase transmission was encrypted via SSL (HTTPS), with Google being the only recipient capable of decrypting the message. Coinomi notes that the phrase was only transmitted if the user chose to restore his wallet and only on the desktop version. Finally, Coinomi…

Blockchain 

Zcash Vulnerability Permitting Infinite ZEC Counterfeiting Fixed and Disclosed

A vulnerability that could have permitted an attacker to coin infinite Zcash (ZEC) has been patched and disclosed by the company behind the coin, a post on the official Zcash blog states on Feb. 5. Ariel Gabizon, an engineer at the Zerocoin Electric Coin Company — the startup behind privacy-focused cryptocurrency Zcash — reportedly discovered the vulnerability the night before his talk at the Financial Cryptography 2018 conference in March 2018. Gabizon contacted Sean Bowe, a cryptographer at the Zcash Company, the same day. A fix for the vulnerability was…

Blockchain 

Parity Technologies Fixes Node Vulnerability, Urges All Ethereum Nodes to Update

Ethereum blockchain infrastructure developer Parity Technologies experienced a security compromise that required nodes to perform an urgent update, the company stated in a blog post on Feb. 3. Parity, which is a popular technology stack for Ethereum users, said it had received notification of a loophole which would allow an attacker to shut down nodes running its client. “On February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and pre 2.3.2-beta) and that node…

Ethereum 

Vulnerability Is Found in Constantinople Hours After ETH Devs Call It ‘Least Eventful’ Hard Fork

Ethereum’s (ETH) Constantinople hard fork faces a delay over a newly discovered security vulnerability allowing a reentrancy attack. The critical issue was detected by smart contract audit firm ChainSecurity and reported in a blog post on Jan. 15. According to the company’s report, the Constantinople upgrade introduces cheaper gas costs (transaction fees) for some operations on the Ethereum network. As an unexpected side effect, this allegedly enables reentrancy attacks via the use of certain commands in ETH smart contracts. A reentrancy vulnerability allows a potential attacker to steal cryptocurrency from a…
