Researchers at dWallet Labs have discovered a critical vulnerability in Tron’s multisignature wallets that would allow an attacker to bypass the multisignature mechanism and sign transactions with a single signature. The research team reported in a technical breakdown that the vulnerability could have impacted as much as $500 million worth of assets held in Tron multisig accounts.
The vulnerability allows any signer to “completely overcome the multisig security offered by Tron.” Normally, multisignature wallets require multiple signers defined in an account to approve transactions and move funds. The vulnerability in Tron’s multisig allows for generating many valid signatures. According to the cybersecurity team, Tron ensures the signatures are unique instead of checking whether the signers are unique, which, in turn, lets signers potentially “double vote” or sign twice.
The research team notified Tron of the vulnerability in February, and it was resolved in a few days. Cointelegraph reached out to Tron for comments but did not receive a response.
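The difference between counting unique signatures and counting unique signers, as described above, is shown in the added example below; it is not Tron's or dWallet Labs' code. The key table, function names and sample transaction are hypothetical, and HMAC is a toy stand-in for a signature scheme in which one signer can produce many different valid signatures.

```python
import hashlib
import hmac

# Constructed toy keys. HMAC stands in for a randomized signature scheme in
# which one signer can produce many different valid signatures over one tx.
KEYS = {"alice": b"key-a", "bob": b"key-b", "carol": b"key-c"}
TX = b"constructed-sample-transaction"

def sign(signer, tx, nonce):
    """Return a toy signature (signer, nonce, tag); nonce varies per signing."""
    tag = hmac.new(KEYS[signer], nonce + tx, hashlib.sha256).digest()
    return (signer, nonce, tag)

def valid_signer(sig, tx):
    """Return the authorised signer behind a valid signature, else None."""
    signer, nonce, tag = sig
    key = KEYS.get(signer)
    if key is None:
        return None
    expected = hmac.new(key, nonce + tx, hashlib.sha256).digest()
    return signer if hmac.compare_digest(tag, expected) else None

def approved_by_unique_signatures(sigs, tx, threshold):
    """Flawed check: deduplicates signature values, not the people signing."""
    distinct = set(sigs)
    return sum(valid_signer(s, tx) is not None for s in distinct) >= threshold

def approved_by_unique_signers(sigs, tx, threshold):
    """Corrected check: each authorised signer counts at most once."""
    signers = {valid_signer(s, tx) for s in sigs} - {None}
    return len(signers) >= threshold

# Constructed inputs for a 2-of-3 account.
ONE_SIGNER_TWICE = [sign("alice", TX, b"n1"), sign("alice", TX, b"n2")]
TWO_SIGNERS = [sign("alice", TX, b"n1"), sign("bob", TX, b"n1")]

if __name__ == "__main__":
    for name, sigs in (("one signer twice", ONE_SIGNER_TWICE),
                       ("two signers", TWO_SIGNERS)):
        print(name, approved_by_unique_signatures(sigs, TX, 2),
              approved_by_unique_signers(sigs, TX, 2))
```

A regression test for a threshold verifier should include the "one signer, several distinct valid signatures" case, since a byte-for-byte duplicate check passes every other test.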
In other news, the Arbitrum-based Jimbos Protocol was recently hacked, resulting in the loss of 4,000 Ether (ETH) worth $7.5 million. Blockchain security firm PeckShield reported the exploit on May 28. Decentralized finance continues to offer exciting opportunities, but the risks cannot be overlooked.