Bitcoin
Bitcoin (BTC)
$61,818.00 3.59783
Bitcoin price
Ethereum
Ethereum (ETH)
$3,406.58 2.37026
Ethereum price
BNB
BNB (BNB)
$577.16 2.58737
BNB price
Solana
Solana (SOL)
$137.50 5.79241
Solana price
XRP
XRP (XRP)
$0.4770560 1.03974
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000179 6.57409
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000128 16.2352
Pepe price
Bonk
Bonk (BONK)
$0.0000234 11.97907
Bonk price
Bitcoin
Bitcoin (BTC)
$61,818.00 3.59783
Bitcoin price
Ethereum
Ethereum (ETH)
$3,406.58 2.37026
Ethereum price
BNB
BNB (BNB)
$577.16 2.58737
BNB price
Solana
Solana (SOL)
$137.50 5.79241
Solana price
XRP
XRP (XRP)
$0.4770560 1.03974
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000179 6.57409
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000128 16.2352
Pepe price
Bonk
Bonk (BONK)
$0.0000234 11.97907
Bonk price
Bitcoin
Bitcoin (BTC)
$61,818.00 3.59783
Bitcoin price
Ethereum
Ethereum (ETH)
$3,406.58 2.37026
Ethereum price
BNB
BNB (BNB)
$577.16 2.58737
BNB price
Solana
Solana (SOL)
$137.50 5.79241
Solana price
XRP
XRP (XRP)
$0.4770560 1.03974
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000179 6.57409
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000128 16.2352
Pepe price
Bonk
Bonk (BONK)
$0.0000234 11.97907
Bonk price
Bitcoin
Bitcoin (BTC)
$61,818.00 3.59783
Bitcoin price
Ethereum
Ethereum (ETH)
$3,406.58 2.37026
Ethereum price
BNB
BNB (BNB)
$577.16 2.58737
BNB price
Solana
Solana (SOL)
$137.50 5.79241
Solana price
XRP
XRP (XRP)
$0.4770560 1.03974
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000179 6.57409
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000128 16.2352
Pepe price
Bonk
Bonk (BONK)
$0.0000234 11.97907
Bonk price
SirWin
SirWin
SirWin

An 8-year vulnerability affecting Bitcoin signing process identified, over 900 addresses affected

an-8-year-vulnerability-affecting-bitcoin-signing-process-identified-over-900-addresses-affected
Edited by
News
An 8-year vulnerability affecting Bitcoin signing process identified, over 900 addresses affected

A new research finding has picked out vulnerabilities in the new class of Bitcoin Elliptic Curve Digital Signature Algorithm (ECDSA) signature that entities have, since 2015, been using to steal funds from unsuspecting users, skimming over 222 bitcoin (BTC) over the years.

Weakness in Bitcoin ECDSA signatures exposed

The study, whose findings were released on June 9, shows that flaws in custom ECDSA signatures can expose the sender’s private keys and even go a long way in disclosing not only the true identity of the sender but their respective addresses, especially if the sender is online.

Researchers have found a new way to exploit a vulnerability in how ECDSA signatures are created in Bitcoin. The weakness occurs when the “signature nonce is generated by concatenating half of the bits of the message hash together with half of the bits of the secret signing key.” In this way, the attacker can proceed to create fake ECDSA signatures that appear to be valid. 

To execute this “lattice-based attack,” researchers said the attacker could recover the sender’s ECDSA private keys only if they knew the nonce used to generate a single signature. A nonce in Bitcoin is a unique, random number generated by a miner that’s used to create a hash. This hash satisfies Bitcoin’s difficulty requirements when verifying a block of bitcoin (BTC) transactions, preventing fraud and double spending.

Approximately 90,000 custom signatures affected

The ECDSA signature is an algorithmic algorithm that is used to sign transactions. In the Bitcoin blockchain, all private key holders, that is, the owners of bitcoin (BTC), must sign transactions, verifying that they are owners before those transactions are processed on the chain. 

The ECDSA signature necessary to approve transactions is created using the private and public keys of the sender. This ECDSA signature algorithm is critical in ensuring that only the sender of the coin is the true owner. At the same time, it protects against double-spending and fraud.

The new finding reveals that custom ECDSA signatures in the blockchain network are vulnerable and can leak funds, true identities, and the sender’s location. During the investigation, nearly 90,000 vulnerable custom ECDSA signatures were identified. These were created by 900 different addresses that have since moved 222 BTC.