A group of white hat hackers collaborated with SCRT Labs to fix a flaw that could have completely lifted the anonymity of the Secret Network blockchain. If solutions have since been provided, it is appropriate to wonder about the potential fragility of the confidentiality of this type of network.
Secret Network may no longer be anonymous
A group of white hat hackers revealed a flaw to the SCRT Labs teams, in charge of developing the anonymous Secret Network (SCRT) blockchain. This flaw theoretically allowed break network privacy by retroactively de-anonymizing all transactions.
In fact, this vulnerability was reported on October 3rd. and action was taken immediately. SCRT Labs has therefore chosen to delay its communication to allow the case to be dealt with in depth, without risking giving the opportunity to a malicious actor to take advantage of the flaw before the arrival of a complete solution.
Said flaw was not unique to Secret Network, but resided in Intel processors used by some network nodes. More specifically, it affects an extension called Software Guard Extensions (SGX), which is supposed to protect the data of the software used.
To keep it simple, a malicious actor could have, under certain conditions, breached the data confidentiality of a blockchain history saved on a vulnerable node, and thus lift the anonymity by recovering the main decryption key :
We evaluated TEE-based blockchain Secret Network to see if it was susceptible to AepicLeak, and ended up finding the master decryption key for the whole network. Read more and see a testnet demo at https://t.co/coe7EPXmrY https://t.co/E2pcoNSEsz
—Andrew Miller (@socrates1024) November 29, 2022
👉 To go further – Find our guide on best practices to limit the risk of hack
The best way to secure your cryptocurrencies 🔒
🔥 The world leader in crypto security
A problem corrected, but which questions
The SCRT Labs teams worked in collaboration with those of Intel and researchers, in order to develop an update preventing any vulnerable machine from operating a Secret Network node.
For “limit the attack surfaceSCRT Labs has since also restricted access to network participation to material said to be “server class” uniquely. In addition, the teams promise to focus on more security-related features :
“This will allow network stakeholders to deal with any similar future vulnerabilities even more quickly, as well as giving nodes tools to self-check. These developments will also limit Secret’s reliance on any external service. »
It is important to note here that at no time were the funds of network users at risk from this flaw, which, by the way, was not due to the Secret Network. It is indeed the anonymity of the blockchain that was concerned, yet supposed to be the fundamental pillar of this network. To the knowledge of SCRT Labs, the flaw has not been exploited under real-world conditions, although in truth, nothing can formally guarantee this.
This case leads one to think that, whatever the will of a project to create a confidential network, it may never be so forever, as the technical means progress or as vulnerabilities are identified.
👉 Also in the news – Solana’s Phantom Wallet opens to Ethereum and Polygon
Join Experts and a Premium Community
Invest in your crypto knowledge for the next bullrun
Source: SCRT Labs
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.