Researchers Discover New Vulnerabilities in Bitcoin, XRP and Ethereum
Researchers were able to discover a vulnerability in different cryptocurrency networks. This is currently affecting $54 worth of Bitcoin (BTC), $14 worth of XRP and just 0.00002 ETH. The problem is related to a vulnerability in digital signatures that affect these different virtual currencies.
Dropping the Bitcoin 0day. pic.twitter.com/y2n2bI3VwM
— Matthew Green (@matthew_d_green) January 9, 2019
As per the researchers, the problem seems to be related to a faulty set-up in hardware, multi-sig or the possible generation of a not very random number.
One of the researchers, Joachim Breitner, explained:
“When you create a cryptographic signature using ECDSA (the elliptic curve digital signature algorithm), you need to come up with the nonce, a 256-bit random number. It is really important to use a different nonce every time, otherwise, it is easy for someone else to take your signatures and calculate your private key suing relatively simple math.”
According to Breitner, there are people monitoring blockchains for signatures that have these repeated nonces and try to extract the money from these keys.
The paper suggests that the attack would be very limited since it could only affect $54 worth of Bitcoin, $14 XRP and 0.00003 ETH. Additionally, this could be prevented using deterministic ECDSA nonce generation that is already implemented in Bitcoin and Ethereum libraries. Additionally, the flaws do not appear to be known since the funds were not yet stolen. However, it would require time, skills and ability to perform the attack, which could be used for another purpose.
If you are a recent Bitcoin user with a new wallet from a popular service, there is not much to worry about.