Security firm discovers $500M vulnerability in Tron multisig accounts

A research study group at dWallet Labs has discovered a zero-day vulnerability in Tron multisig accounts, permitting an assailant to bypass the multisignature mechanism and sign deals with a single signature.In a technical breakdown post, the research group said the vulnerability could have affected $500 million in possessions held in Tron multisig accounts. This is because it permits any signer to “completely conquer the multisig security used by TRON.” 0d, our superstar cybersecurity research study team, found a vulnerability in TRON multisig accounts putting over $500M of digital assets at risk – it was disclosed and repaired so there are no user assets at risk now.A technical breakdown: https://t.co/nMj6kV6Oc3— dWallet Labs (@dWalletLabs) May 30, 2023

According to the research team, the vulnerability with Trons multisig enables for creating many legitimate signatures. According to the cybersecurity team, Tron ensures the signatures are unique instead of inspecting if the signers are special. Source: TwitterThe scientists noted that the vulnerability was reported to Tron in February and fixed days after.Related: Justin Sun concerns apology after Sui LaunchPool clashes with Binance CEOCointelegraph reached out to Tron for comments however did not receive a response.