Researchers at the Black Hat security conference have found that cryptocurrency exchanges can be vulnerable to hackers. Although exchanges rely on strong privacy and security measures to protect customer funds, the researchers still found three ways hackers can attack them, according to Wired on August 9th.
The report likens the setting of these attacks to “an old bank vault with six keys that all have to turn at the same time.” Private keys for cryptocurrency are broken down into smaller parts, which means an attacker has to find all of them before being able to steal the money.
Aumasson, a cryptographer, and Omer Shlomovits, co-founder of the key management company KZen Networks, grouped the attacks into three categories: an insider attack, an attack that takes advantage of the relationship between an exchange and a client, and the extraction of secret keys by parties.
Insider work, open source library bug, and trusted party review
The first way hackers can attack an exchange is an insider or another financial institution taking advantage of a security flaw in an open source library produced by a cryptocurrency exchange, the report says. To explain:
“In a vulnerable library, the update mechanism allowed one of the key holders to initiate an update and then manipulate the process so that some components of the key were actually changed and others stayed the same. While fragments of a new and an old key cannot be merged, an attacker can essentially cause a denial of service and permanently block the exchange of their own funds.”
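The failure described in the quote can be shown with a simplified model. This is an added example, not code from the vulnerable library or from the researchers; it assumes plain additive key shares in a toy discrete-log group (all names and parameters are constructed) and shows a refresh that checks the staged shares against the public key before the old shares are discarded.

```python
import secrets

# Toy parameters, constructed for illustration; exponents live mod P - 1.
P = 2**127 - 1          # Mersenne prime
G = 3
Q = P - 1

def split(secret, n):
    """Additively share `secret` among n parties (all n are needed)."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % Q)
    return shares

def zero_sum_deltas(n):
    """Refresh offsets that sum to 0 mod Q, so the shared key is unchanged."""
    d = [secrets.randbelow(Q) for _ in range(n - 1)]
    d.append(-sum(d) % Q)
    return d

def commitments_match(shares, public_key):
    """Check prod(G^share_i) == public key.

    In a real deployment each party would publish only G^share_i;
    this toy check computes all of them in one place.
    """
    acc = 1
    for s in shares:
        acc = acc * pow(G, s, P) % P
    return acc == public_key

def refresh(shares, deltas, applied_by, public_key):
    """Two-phase refresh: stage new shares, verify, then commit or roll back.

    `applied_by` is the set of party indices whose update took effect;
    anything short of all parties models the manipulated update.
    """
    staged = [(s + d) % Q if i in applied_by else s
              for i, (s, d) in enumerate(zip(shares, deltas))]
    if commitments_match(staged, public_key):
        return staged, True      # consistent: old shares may be deleted
    return shares, False         # mixed old/new shares: keep old, abort
```

Without the check, a refresh in which only some parties apply their offset leaves shares that no longer reconstruct the key, which is the lockout the quote describes.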
An attacker could also exploit a bug in the key rotation process of another, unnamed open source key management library. The attacker can then manipulate the relationship between an exchange and its customers through incorrect validation. Over multiple key updates, someone with malicious motives can slowly learn the private keys of the exchange's users. A rogue exchange could thus start the theft process, according to the report.
The third way the researchers said attacks could happen is when the trusted parties of the cryptocurrency exchange receive their parts of the keys. Each party apparently generates a pair of random numbers for public verification. The researchers found that at Binance, for example, these random values were not checked, and the problem had to be fixed in March. The report added:
“A malicious group at key generation could send specially crafted messages to everyone else that would select and assign essentially all of these values so that the attacker could later use this unvalidated information to extract any part of the secret key.”
Shlomovits and Aumasson told the news outlet that the purpose of the research is to draw attention to how easy it is to make mistakes when implementing keys distributed across multiple parties at cryptocurrency exchanges. In open source libraries especially, these mistakes can create even greater vulnerability.
As Cointelegraph previously reported, CryptoCore launched a phishing campaign against various cryptocurrency exchanges and was able to steal $200 million in two years.