dWallet Labs, a prominent cybersecurity research team, has uncovered a critical zero-day vulnerability within the multisignature (multisig) mechanism of the Tron (TRX) network, the firm revealed in a blog post this week.
This vulnerability discovered allows any signer, regardless of their weight, to bypass the multisig security of TRON, impacting over $500 million worth of digital assets held in TRON multisig accounts, dWallet Labs claimed in the post which was also shared via Twitter.
The vulnerability was originally reported to Tron through a bounty program back in February, after which Tron acknowledged the severity of the vulnerability and took action to mitigate it.
Within days, Tron developed and deployed a patch, ensuring that the vulnerability could not be exploited.
dWallet Labs said it received a bounty reward from Tron for the discovery of the vulnerability, but it did not say how much it received.
The vulnerability discovered by the company reportedly revolves around the verification process for multisig transactions on the TRON network.
The flaw was said by dWallet to allow for the generation of multiple valid signatures for the same message by the same private key, bypassing the security measures.
Attackers could exploit this vulnerability to perform unauthorized transactions in multisig wallets, the firm further explained in the blog post.
Founded in September 2017, Tron is a Proof-of-Stake (PoS) network secured by its native token TRX.
The network is ranked as the second-largest after Ethereum in terms of total value locked (TVL) and stablecoin circulation, according to data from DefiLlama.
Tron’s TRX token is also among the top 10 cryptocurrencies by market capitalization, with the total value of its circulating
Read more on cryptonews.com