White hat hackers protected the TRON blockchain from a potential vulnerability that could have impacted $500 million in a multi-sig.
In the realm of Web3, bad actors are constantly seeking to exploit vulnerabilities and steal funds. But white hat hackers stepped in as the heroes by actively identifying and reporting vulnerabilities to the respective teams, effectively thwarting any potential exploits.
White Hat Hackers Received Bounty From TRON
According to dWallet Labs’ cybersecurity team, TRON’s native multi-sig had a critical vulnerability that put $500 million at risk.
After discovering the vulnerability, the team reported it to TRON on Feb. 19 Finally, TRON was able to fix the vulnerability and offered the white hat hackers a bounty in reward.
How Does Multi-Sig Work?
In layman’s terms, a multi-sig account requires consent in the form of blockchain signatures from multiple wallets. Generally, there are two elements: weight and threshold.
Weight is the power of a particular wallet. And the threshold is the minimum weight required for a transaction to carry forward.
If the threshold is three, then three different wallets with a weight of one can authorize the transaction. Or, a wallet with the weight of one and another with the weight of two can authorize the transaction together.
What Was the Problem?
The vulnerability allowed a “double-vote” from any signer, irrespective of their weight. Due to double-voting, malicious signers can achieve the threshold and bypass the security of Tron’s multi-sig.
dWallet Labs explains:
“An attacker can perform transactions in every multisig wallet for which he has permission (with any weight), regardless of the threshold.”
Crypto and decentralized finance (DeFi) are becoming frequent targets for hacks. But such actions from cybersecurity experts help make the crypto infrastructure more secure.
As a matter of fact, white hat hackers saved over $20 billion in 2022 by proactively reporting the vulnerabilities in crypto projects.
Got something to say about TRON’s vulnerability or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or Twitter.
For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.
Trusted
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
