Most people use an app or small hardware device to store their cryptocurrencies. However, exchanges and other services, through which huge volumes of digital assets pass, need more serious solutions. At the Black Hat cybersecurity conference on Thursday, August 6, researchers detailed the weaknesses of the multi-signature schemes that cryptocurrency exchanges use. This was reported by Wired.
Attacks on cryptocurrency exchanges are not the virtual equivalent of cracking a safe. It's more like opening an old vault with six keys that have to be turned at the same time. Cryptocurrency exchanges split their private keys into pieces, so an attacker must first assemble those pieces to steal funds. Unlike handing out physical keys, the cryptographic schemes that underpin this multi-party custody of crypto assets are far more complex, and mistakes in those schemes can be very costly.
“These organizations run a huge amount of money, so they have pretty high demands on privacy and security,” says cryptographer Jean-Philippe Aumasson, co-founder of Taurus Group and vice president of Kudelski Security. “They need a way to split the private keys into different components, and also share the shared resources so that neither party has access to the full key. We discovered several vulnerabilities in the implementations of these schemes. And these are not just theoretical attacks - they really could have been carried out by malefactors.”
Aumasson has confirmed and clarified three vulnerabilities discovered by Omer Shlomovitz, co-founder of mobile cryptocurrency wallet company ZenGo.
To exploit the first vulnerability, an insider is needed at a crypto company that uses an open source library written by a well-known exchange (the researchers declined to name it). The attack exploits a flaw in the library's key-update mechanism. No one wants a private key or its components to stay the same forever in such a scheme, because an attacker could gradually compromise each part. In the vulnerable library, the update mechanism let one of the key holders initiate a refresh and then manipulate the process so that some components of the key actually changed while others stayed the same. Since fragments of the old and new keys cannot be combined, an attacker could in effect permanently lock the exchange out of its funds.
The researchers reported the vulnerability to the library's developer a week after the code was released, so it is unlikely that any exchange had deployed this library on its systems.
The second vulnerability concerns the key rotation process, which could allow an exchange with unscrupulous employees to gradually obtain private keys after several system updates. After that, the exchange can initiate transactions to steal customers' cryptocurrencies. This vulnerability was hidden in another open source library (this time from an unnamed key management company).
The third attack begins at the stage of distributing key parts among the trusted parties. As part of this process, each party must generate a pair of random numbers that are published and verified for later use in “zero-knowledge proofs”, in which the different key holders prove they hold the correct information without revealing its content. The researchers found that the protocol in the open source library developed by the crypto exchange Binance did not actually verify these random values. As a result, an attacker could send specially crafted messages to everyone else during key generation and later use that information to recover each party's portion of the private key.
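Both the manipulated key refresh described above and the unverified key-generation values come down to the same missing step: a holder must check each piece it receives against a public commitment before using it. The following is an added example written for this article, not code from any of the libraries discussed or from Binance's tss-lib; it uses Feldman's verifiable secret sharing over a small toy group (the prime 2039, subgroup order 1019 and generator 4 are constructed for illustration, real wallets use large elliptic-curve groups) to show how a holder verifies a share against published commitments, and why a refresh that passes this check keeps the key reconstructible while one that fails it is rejected. The particular zero-knowledge proof that Binance's library skipped is not described here, and this example does not attempt to reproduce it.

```python
import secrets

# Toy group, constructed for this example only: p is a safe prime, q = (p-1)/2,
# and g = 4 generates the order-q subgroup of Z_p^*. Production threshold
# wallets use large elliptic-curve groups instead.
P, Q, G = 2039, 1019, 4
assert pow(G, Q, P) == 1 and G != 1


def eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients in Z_q at x (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % Q
    return result


def deal(secret, threshold, n):
    """Feldman verifiable secret sharing. Party i receives f(i) for a random
    degree-(threshold-1) polynomial f with f(0) = secret. The commitments
    g^{a_j} are published so each party can check its share against the
    same polynomial without learning the secret."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    shares = {i: eval_poly(coeffs, i) for i in range(1, n + 1)}
    commitments = [pow(G, c, P) for c in coeffs]
    return shares, commitments


def verify_share(i, share, commitments):
    """Check g^share == prod_j C_j^(i^j) mod p, i.e. the share lies on the
    committed polynomial."""
    expected = 1
    for j, c in enumerate(commitments):
        expected = expected * pow(c, pow(i, j, Q), P) % P
    return pow(G, share, P) == expected


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over Z_q from a threshold of shares."""
    secret = 0
    for i, s in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + s * num * pow(den, -1, Q)) % Q
    return secret


def refresh_round(old_shares, refresh_shares, refresh_commitments):
    """Apply one holder's refresh proposal. Every holder checks that
    (a) the proposal's constant term is zero (C_0 == g^0 == 1), so the joint
    secret is unchanged, and (b) its own refresh share lies on the committed
    polynomial, so all holders move to the same new polynomial. Returns the
    new shares, or None when the round must be rejected."""
    if refresh_commitments[0] != 1:
        return None
    new_shares = {}
    for i, s in old_shares.items():
        r = refresh_shares[i]
        if not verify_share(i, r, refresh_commitments):
            return None
        new_shares[i] = (s + r) % Q
    return new_shares


def demo():
    """Walk through an honest refresh and a manipulated one. Returns True if
    blindly accepting the manipulated refresh would have left holders with
    shares that no longer reconstruct the original key."""
    t, n = 3, 5
    secret = 12345 % Q  # constructed toy secret, not a real key
    shares, comms = deal(secret, t, n)
    assert all(verify_share(i, s, comms) for i, s in shares.items())

    # Honest refresh: a zero-constant polynomial, consistent with its commitments.
    zero_shares, zero_comms = deal(0, t, n)
    refreshed = refresh_round(shares, zero_shares, zero_comms)
    assert refreshed is not None
    assert reconstruct({i: refreshed[i] for i in (1, 2, 3)}) == secret

    # Manipulated refresh: the initiator hands party 4 a value that is not on
    # the committed polynomial, so some holders "move" and others do not.
    bad_shares = dict(zero_shares)
    bad_shares[4] = (bad_shares[4] + 1) % Q
    assert refresh_round(shares, bad_shares, zero_comms) is None  # caught
    # Without the check, holders 1, 4 and 5 can no longer recover the key.
    unchecked = {i: (shares[i] + bad_shares[i]) % Q for i in shares}
    return reconstruct({i: unchecked[i] for i in (1, 4, 5)}) != secret


if __name__ == "__main__":
    print("manipulated refresh would lock holders out:", demo())
```

The two checks in `refresh_round` map onto the two failures in the article: the constant-term check stops a refresh from silently replacing the key, and the per-share check stops a refresh from leaving some holders on a different polynomial than the others, which is what turns an "update" into a permanent lockout.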
“For an attack, you have to compose a specific message, send it during key generation and wait for the first signature. This will be enough to find out all the other keys,” says Shlomovitz.
Binance fixed the vulnerability in March. The exchange noted that it is only present during initial key generation, so it does not create a long-term weakness, unless, of course, the attacker was present during that initial key generation.
“We recommend that users migrate to this new version of tss-lib as soon as possible,” the exchange said in a March announcement. “Signing groups should only go through the process again if any parties were untrusted or potentially vulnerable at the time of key generation.”
The attacks described by Shlomovitz and Aumasson were not trivial for an attacker to pull off, but the purpose of their study was to draw attention to how easy it is to make a mistake when implementing an exchange wallet, and how serious those errors can be when they sit in open source libraries that anyone can use. Such schemes provide a high level of protection for customer funds, but the cryptography is very complex, so building such solutions should not be taken lightly.
“It takes a lot of time, a lot of experience, and everyone makes mistakes,” says Shlomovitz. “Literally everything, because it is very difficult to turn a diagram on paper into a real-world system that stores funds.”