New Ripple Private Keys Vulnerability Discovered But Said to Only Affect XRP Users Prior to August 2015
Ripple has released a recent statement today, January 16, in which it announced that people who used Ripple’s software libraries published before August 2015 may have made their private keys vulnerable due to an exploit.
This was discovered after a recent research effort was made by the DFINITY Foundation and the University of California. In this research, they discovered that several Bitcoin, Ethereum and Ripple addresses have been compromised.
The explanation is that these cryptos use something that is known as elliptic curve digital signature algorithms as a way to generate the keys. The keys are generated using random data and it looks like an issue compromised some of the private keys generated at the time.
According to the researchers, they hacked several hundreds of BTC, ETH, and HTTPS addresses, as well as a single XRP private key using the issue.
Because of this, there are several concerns with how many consequences can arise from this gap in the technology in case bad actors want to use it. Hackers that get a hold of wallets can steal all the funds from people and they can use the access to be able to impersonate the end hosts of these addresses as well. The exploits are almost endless.
Fortunately, the paper from the research affirms that cases like this one can be prevented in some ways. For instance, by using a deterministic ECDSA nonce determination. According to them, this is implemented by default in both BTC and ETH libraries, which is a good thing.
Ripple Affirms That Software Used After August 2015 Is Safe
Despite the fact that only one Ripple wallet was hacked, the company was concerned with the news. They use deterministic nonce generation ever since August 2015, so all the software that was used after that is secure, but older software may be more vulnerable.
Fortunately, most wallets will be protected. Cryptography may not be perfect and there is a chance that you can breach it, but private keys are harder to hack than single computing systems, so there is an additional defense provided by the decentralization of how the money is kept on the wallets.
This is a good time to check your wallet and be protected, though, since attacks related to cryptocurrencies have risen recently. There are a lot of people trying to still keys now since cryptos are more popular, so security is important if you want your funds to be safe.