Secret Network has announced the resolution of a severe vulnerability reported by white hat hackers. The loophole would have enabled bad actors to gain access to users’ data and funds, according to a blog post released on November 29, 2022.
Secret Network foils xAPIC loophole
Secret Network, a distributed ledger technology (DLT) project that provides privacy-preserving smart contracts for building decentralized, permissionless, and private applications, has resolved a severe vulnerability that could have resulted in the loss of funds and users’ data if exploited.
Per a blog post by the team, a group of white hat hackers notified SCRT Labs of an underlying vulnerability on its platform affecting the privacy of data stored on Secret Network, and the team took proactive measures to mitigate and resolve the risk.
Secret Labs stated:
“This disclosure was related to the recently disclosed xAPIC architectural bug, an uninitialized memory read in the CPU itself that impacted certain SGX-enabled CPUs. To the best of our knowledge, no malicious actor has exploited this vulnerability in the wild before disclosure and mitigation.”
After limiting exposure to the vulnerability by invalidating the access keys that nodes use to register on the network, SCRT Labs says it collaborated further with the researchers and with tech giant Intel to deploy a solution that will make it impossible for vulnerable machines to rejoin the network.
Securing Secret Network for the future
To ensure the continued security of users’ funds and data stored on its platform, Secret Network has made it clear that new nodes joining the network will only be able to use “server-class” hardware, since it is less susceptible to attacks than user-class hardware.
Going forward, SCRT Labs also plans to introduce more security-focused features that will enable its stakeholders to tackle vulnerabilities faster. The team will also increase communication with Intel to ensure its stakeholders are notified of future undisclosed vulnerabilities early.
While Web3 and decentralized finance (DeFi) have been affecting lives positively, hacks and heists remain a major challenge for the industry. In 2022 alone, DeFi and Web3 lost over $2 billion to hackers. Proactively resolving bugs and security vulnerabilities in blockchain solutions is the only way to make Web3 safe for all.