SlowMist has identified a significant security flaw in a widely used encryption library, which can allow hackers to reverse-engineer private keys in applications that depend on it.
Blockchain security firm SlowMist has flagged a significant security vulnerability in the JavaScript elliptic encryption library, commonly used in crypto wallets (including MetaMask, Trust Wallet, Ledger and Trezor), identity authentication systems and Web3 applications. In particular, the flagged vulnerability allows attackers to extract a private key by manipulating specific inputs during a single signature operation, which can give them complete control over the victim's digital assets or identity credentials.
The Elliptic Curve Digital Signature Algorithm (ECDSA) process requires several parameters to generate a digital signature: the message, the private key and a unique random number (k). The message is hashed and then signed using the private key. The random value k is needed to ensure that even when the same message is signed several times, each signature is different, much as each use calls for a fresh stamp. The specific vulnerability identified by SlowMist occurs when k is accidentally reused for different messages. If k is reused, attackers can take advantage of this, which may allow them to reverse-engineer the private key.
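A defensive check for the reuse described above, as an added example that is not code from SlowMist or the elliptic library: it parses DER-encoded ECDSA signatures and flags any public key whose signatures over different messages share the same r value, which is what a repeated k produces. The record fields (id, pubKey, msgHash, sigHex) and all sample values are assumptions constructed for illustration.

```javascript
// Added example. SAMPLE is constructed: shortened r/s values, placeholder keys and hashes.
const SAMPLE = [
  { id: 'tx1', pubKey: 'key-A', msgHash: 'h1', sigHex: '300c02041a2b3c4d020411111111' },
  { id: 'tx2', pubKey: 'key-A', msgHash: 'h2', sigHex: '300c02041a2b3c4d020422222222' },
  { id: 'tx3', pubKey: 'key-A', msgHash: 'h3', sigHex: '300c02045e6f7081020433333333' },
];

// Parse a DER ECDSA signature: SEQUENCE { INTEGER r, INTEGER s }, short-form lengths.
function parseDerSignature(hex) {
  const b = Buffer.from(hex, 'hex');
  if (b.length < 8 || b[0] !== 0x30 || b[1] !== b.length - 2) {
    throw new Error('not a short-form DER SEQUENCE');
  }
  let off = 2;
  const readInt = () => {
    const len = b[off + 1];
    const start = off + 2;
    if (b[off] !== 0x02 || !len || start + len > b.length) throw new Error('bad INTEGER');
    if (b[start] & 0x80) throw new Error('negative INTEGER'); // r and s are positive
    off = start + len;
    return BigInt('0x' + b.subarray(start, off).toString('hex'));
  };
  const r = readInt();
  const s = readInt();
  if (off !== b.length) throw new Error('trailing bytes');
  return { r, s };
}

// r depends only on k, so one r under one key across different message hashes
// means k was reused. The same message signed twice with the same r is not
// flagged: deterministic nonces (RFC 6979) produce that legitimately.
function findNonceReuse(records) {
  const seen = new Map();
  const findings = [];
  for (const rec of records) {
    const rHex = parseDerSignature(rec.sigHex).r.toString(16);
    const key = rec.pubKey + ':' + rHex;
    const prior = seen.get(key) || [];
    for (const p of prior) {
      if (p.msgHash !== rec.msgHash) {
        findings.push({ pubKey: rec.pubKey, r: rHex, ids: [p.id, rec.id] });
      }
    }
    prior.push(rec);
    seen.set(key, prior);
  }
  return findings;
}
```

Any finding means the affected key should be treated as exposed and rotated, since the signatures involved are already public.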
Similar weaknesses in ECDSA have led to security breaches in the past. For example, in July 2021, the Anyswap protocol was compromised when attackers took advantage of weak ECDSA signatures. They used the vulnerability to produce signatures, allowing them to withdraw funds from the Anyswap protocol, resulting in a loss of about $8 million.