Bitcoin
Bitcoin (BTC)
$82,609.00 -2.11895
Bitcoin price
Ethereum
Ethereum (ETH)
$1,887.46 -2.73163
Ethereum price
BNB
BNB (BNB)
$601.02 -2.84972
BNB price
Solana
Solana (SOL)
$126.18 -7.02176
Solana price
XRP
XRP (XRP)
$2.30 -3.64874
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000132 2.57549
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000066 -7.71998
Pepe price
Bonk
Bonk (BONK)
$0.0000104 -5.84573
Bonk price
dogwifhat
dogwifhat (WIF)
$0.465339 -7.09587
dogwifhat price
Popcat
Popcat (POPCAT)
$0.181605 -8.2621
Popcat price
Bitcoin
Bitcoin (BTC)
$82,609.00 -2.11895
Bitcoin price
Ethereum
Ethereum (ETH)
$1,887.46 -2.73163
Ethereum price
BNB
BNB (BNB)
$601.02 -2.84972
BNB price
Solana
Solana (SOL)
$126.18 -7.02176
Solana price
XRP
XRP (XRP)
$2.30 -3.64874
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000132 2.57549
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000066 -7.71998
Pepe price
Bonk
Bonk (BONK)
$0.0000104 -5.84573
Bonk price
dogwifhat
dogwifhat (WIF)
$0.465339 -7.09587
dogwifhat price
Popcat
Popcat (POPCAT)
$0.181605 -8.2621
Popcat price
Bitcoin
Bitcoin (BTC)
$82,609.00 -2.11895
Bitcoin price
Ethereum
Ethereum (ETH)
$1,887.46 -2.73163
Ethereum price
BNB
BNB (BNB)
$601.02 -2.84972
BNB price
Solana
Solana (SOL)
$126.18 -7.02176
Solana price
XRP
XRP (XRP)
$2.30 -3.64874
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000132 2.57549
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000066 -7.71998
Pepe price
Bonk
Bonk (BONK)
$0.0000104 -5.84573
Bonk price
dogwifhat
dogwifhat (WIF)
$0.465339 -7.09587
dogwifhat price
Popcat
Popcat (POPCAT)
$0.181605 -8.2621
Popcat price
Bitcoin
Bitcoin (BTC)
$82,609.00 -2.11895
Bitcoin price
Ethereum
Ethereum (ETH)
$1,887.46 -2.73163
Ethereum price
BNB
BNB (BNB)
$601.02 -2.84972
BNB price
Solana
Solana (SOL)
$126.18 -7.02176
Solana price
XRP
XRP (XRP)
$2.30 -3.64874
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000132 2.57549
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000066 -7.71998
Pepe price
Bonk
Bonk (BONK)
$0.0000104 -5.84573
Bonk price
dogwifhat
dogwifhat (WIF)
$0.465339 -7.09587
dogwifhat price
Popcat
Popcat (POPCAT)
$0.181605 -8.2621
Popcat price

SlowMist flags a security flaw that could lead to private key leakage

Dorian Batycka
Edited by
News
SlowMist flags a security flaw that could lead to private key leakage

SlowMist has identified a critical security flaw in a widely-used encryption library, which could allow hackers to reverse engineer private keys in applications that depend on it.

Blockchain security firm SlowMist has flagged a critical security vulnerability in the JavaScript elliptic encryption library, commonly utilized in crypto wallets (including MetaMask, Trust Wallet, Ledger, and Trezor), identity authentication systems, and Web3 applications. Specifically, flagged vulnerability allows attackers to extract private keys by manipulating specific inputs during a single signature operation, which could give them full control over a victim’s digital assets or identity credentials. 

https://twitter.com/SlowMist_Team/status/1897133306485080377

The typical Elliptic Curve Digital Signature Algorithm process requires several parameters to generate a digital signature: the message, the private key, and a unique random number (k). The message is hashed and then signed using the private key. As for the random value k, it’s needed to make sure that even if the same message is signed multiple times, each signature is different—similar to how a stamp requires fresh ink for each use. The specific vulnerability identified by SlowMist occurs when k is mistakenly reused for different messages. If k is reused, attackers can exploit this vulnerability, which can allow them to reverse engineer the private key.

Similar vulnerabilities in ECDSA have led to security breaches in the past. For example, in July 2021, the Anyswap protocol was compromised when attackers took advantage of weak ECDSA signatures. They used the vulnerability to forge signatures, allowing them to withdraw funds from the Anyswap protocol, resulting in a loss of around $8 million.