Blockchain security firm dWallet Labs has disclosed a critical vulnerability that could affect around $1 billion worth of cryptocurrencies, including assets such as Ether, Aptos, BNB, and Sui (SUI).
The vulnerability centers on validators hosted by the infrastructure provider InfStones. In a research paper sent to Cointelegraph, dWallet Labs outlined its findings, which exposed a series of vulnerabilities within InfStones validators.
The security firm explained, “A chain of vulnerabilities we discovered and exploited during our research allowed us to gain full control, run code, and extract private keys of hundreds of validators on multiple major networks, potentially leading to direct losses equivalent to over one billion dollars in cryptocurrencies such as ETH, BNB, SUI, APT, and many others.”
This means that an attacker exploiting this vulnerability could obtain the private keys of validators across various blockchain networks, potentially gaining control over more than a billion dollars’ worth of staked assets.
InfStones responded to the disclosure, disputing the claim that the bug could affect such a significant amount of assets.
Darko Radunovic, a representative from InfStones, stated that the potential vulnerability was only identified in a small fraction of the live nodes they had launched.
Specifically, it was found in 237 instances, including 212 designated for testing and 25 newly launched nodes in the production environment.
Radunovic clarified, “The instances identified in production constitute a fraction below 0.1% of the live nodes we have launched to date.”
In response to the vulnerability report, InfStones took proactive measures.
They conducted internal reviews and had an accredited security firm audit their systems and company policies.
Additionally, the company initiated a bug bounty program to encourage third parties to collaborate on identifying and resolving any bugs they may discover.
The disclosure of this vulnerability highlights the ongoing challenge of securing blockchain networks, and the importance of prompt and effective responses from both infrastructure providers and security firms in protecting the assets of crypto holders and investors.