Cryptocurrency exchanges holding user funds have risked falling into numerous security pitfalls by failing to ensure security protocols are properly implemented, according to new research.
Speaking to Wired for an article Sunday, Jean-Philippe Aumasson, the co-founder exchange security firm Taurus Group, said he and his team, along with Omer Shlomovits from crypto wallet maker ZenGo, had uncovered three significant vulnerabilities in the way some custodial exchanges hold user funds.
While private crypto wallets usually have just one private key for the holder, exchanges go a step further and split keys up into different components - a distributed key scheme - so no one entity has complete control over the main wallet.
That generally improves security but, as Taurus Group found, the new attack vectors stemmed from splitting private keys up partly because they assumed key holders, entities responsible for part of the key, would not be malicious.
Some vectors come from the refresh function that enhances privacy by replacing key components so a third party can't slowly work out a full private key.
From open-source software from an exchange the researchers refused to identify, a malicious key holder could change, or threaten to change, part of the component so the full private key is lost - preventing the exchange from accessing funds again.
Arguably the biggest vulnerability came from a key-generation protocol from Binance where the key holder pretended to be the protocol itself, assigning other key holders the random values they need to verify their identity.
Armed with that information, a hacker could compromise the system from the moment it was set up, giving them access to the rest of the private key and allowing them to drain wallet funds.
Binance fixed the problem in March and said it recommends users go through the key-generation procedure only if they are concerned one of the holders could be malicious.
CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.
Researchers Find Flaws in Security Protocols Developed by Major Crypto Exchanges
Published on Aug 10, 2020
by Coindesk | Published on Coinage
Coinage
Recent News
View All
Blockchain Bites: Bitcoin's Run, Uniswap's Hemorrhaging Value, Anchorage's Banking Bid
Bitcoin is nearing all-time highs in price and market cap last set three years ago.
Japan's megabanks to lead experiment with digital yen
We have, in order, Cheese Bank with a $3.3 million theft, Akropolis with its $2 million loss, Value DeFi with a whopping $6 million exploit and finally Origin Protocol's loss of $7 million.
Number of new Bitcoin addresses spikes amid growing FOMO
Japan's three largest banks, as part of a group of 30 private sector actors, are set to collaborate on an experiment with a digital yen.
Not just Wall Street: Quant trader explains why Bitcoin price is going up
Sam Trabucco, a quantitative trader at Alameda Research, believes four general factors are pushing up the price of Bitcoin.