Fixing the Security Vulnerability in Tron Multisig Functionality
In February 2022, security researchers from dWallet Labs found a security vulnerability in the Tron (TRX) blockchain’s multisig functionality. This feature is essential for organizations that want to share ownership of a wallet, as several people must approve a transaction before it is sent. The vulnerability enabled hackers to bypass the feature by creating random digital signatures, thus allowing access to a multisig wallet with only one private key. Tron Foundation promptly fixed the issue by implementing an automated checking process for transaction confirmation. This article offers an in-depth explanation of multisigs, their importance, the vulnerabilities, and the security fix that Tron implemented.
Security against Hackers with Multisig Functionality
The term multisig refers to multiple signatures required before a transaction is approved. It is a security measure that ensures that funds are not simply sent by one person but require the approval of others. Multisig is especially vital for organizations, such as crypto exchanges and financial institutions, that cannot afford to have funds stolen. Additionally, multisig prevents outside hackers from siphoning funds away from wallets that have multiple owners.
During 2021, hackers stole a record amount of cryptocurrency. For example, the Dutch Litebit lost 285 Bitcoin worth over $13 million when an employee ran away with the funds. Multisig could have prevented this from occurring, as it requires several trusted individuals to approve a transaction, preventing just one person from stealing the funds.
Tron Multisig Vulnerability and Its Consequences
Unfortunately, the Tron Foundation’s multisig functionality was not correctly implemented. As mentioned earlier, security researchers discovered a vulnerability that hackers could exploit to bypass the feature by creating random digital signatures. With access to just one private key, hackers could approve transactions from a multisig wallet. Even worse, another type of hack allowed attackers to access the wallet without even possessing a private key.
According to the researchers, this occurred because the mechanism checked that the signatures were not the same, instead of checking that the signers were not the same person. This vulnerability raised concerns among many large organizations that had already adopted multisig wallets on Tron. To avoid losing their funds, they started to shift to secure wallets in other blockchains, such as Ethereum and Bitcoin.
Fixing the Tron Multisig Vulnerability
Fortunately, the Tron Foundation acted quickly upon discovering this vulnerability. When benign hackers informed them of the issue, Tron was given time to find a solution before it was publicly exposed. Tron fixed the vulnerability by implementing an automated checking process for transaction confirmation, which verifies which addresses want to confirm the transaction instead of just checking the signatures.
This security fix was implemented within a short period, and the Tron Foundation assured their customers that their funds were safe. With over $500 million in multisig wallets on Tron, the security fix was timely and saved Tron’s reputation as a reliable platform for secure transactions.
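The difference between the flawed check and the fixed one described above can be shown in a few lines. This is an added example, not Tron's code: the function names are hypothetical, approvals are modelled as (signer public key, signature) pairs, and a toy Schnorr-style scheme with insecure parameters stands in for the chain's real signature scheme.

```python
import hashlib
import secrets

# Toy Schnorr-style signatures mod a prime (constructed stand-in, NOT secure).
# Signing is randomised, so one private key yields many different valid
# signatures over the same message, which is what the flawed check missed.
P = 2**127 - 1  # Mersenne prime
G = 3

def _h(r, msg):
    data = r.to_bytes(16, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)  # (private key, public key)

def sign(x, msg):
    k = secrets.randbelow(P - 2) + 1  # fresh nonce per signature
    r = pow(G, k, P)
    return (r, (k + x * _h(r, msg)) % (P - 1))

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(y, _h(r, msg), P)) % P

def count_flawed(owners, msg, approvals):
    """Pre-fix logic as described: only the signatures must differ."""
    seen, count = set(), 0
    for signer, sig in approvals:
        if sig in seen or signer not in owners or not verify(signer, msg, sig):
            continue
        seen.add(sig)
        count += 1
    return count

def count_fixed(owners, msg, approvals):
    """Post-fix logic: each owner address counts at most once."""
    return len({signer for signer, sig in approvals
                if signer in owners and verify(signer, msg, sig)})

def demo():
    keys = [keygen() for _ in range(3)]          # constructed 3-owner wallet
    owners = {y for _, y in keys}
    msg = b"constructed transfer #1"
    x0, y0 = keys[0]
    one_key = [(y0, sign(x0, msg)) for _ in range(2)]  # one owner, two sigs
    honest = [(y, sign(x, msg)) for x, y in keys[:2]]  # two different owners
    return (count_flawed(owners, msg, one_key),
            count_fixed(owners, msg, one_key), count_fixed(owners, msg, honest))
```

With a threshold of two approvals, the flawed count lets a single owner's two signatures pass, while the fixed count reports one approval for that input and two only when two different owners sign.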
The Tron Foundation has demonstrated its commitment to the security of its platform and users by fixing the multisig vulnerability discovered in February 2022. Multisig functionality is essential for organizations to ensure the safety of their funds, and the fix implemented by Tron will help them to continue using the platform securely. As the crypto ecosystem continues to evolve, security will only become more crucial. Fortunately, Tron and other platforms are working hard to maintain their reputation as safe and reliable places to transact crypto.