Exploit Found in Multisig Wallets: Secure Your Crypto Now!
Multisignature Wallets Exploited by StarkEx Protocol
• Multisignature (multisig) wallets can be exploited by Web3 apps that use the StarkEx protocol, according to a March 9 press release provided to Cointelegraph by Multi-Party Computation (MPC) wallet developer Safeheron.
• The vulnerability affects MPC wallets that interact with StarkEx apps such as dYdX.
• Safeheron claims to have discovered a security flaw that arises when these wallets interact with StarkEx-based apps such as dYdX and Fireblocks.
What is a Multsignature Wallet?
A multisignature wallet is a type of cryptocurrency wallet which requires multiple signatures for each transaction. This type of wallet is used by financial institutions and web3 developers to secure crypto assets they own. Unlike other types of multisigs, MPC wallets do not require specialized smart contracts nor do they have to be built into the blockchain’s protocol. Instead, these wallets work by generating “shards” of a private key, with each shard being held by one signer. These shards have to be joined together off-chain in order to produce a signature. Because of this difference, MPC wallets can have lower gas fees than other types of multisigs and can be blockchain agnostic.
Exploitation Vulnerability Discovered
Safeheron has discovered a vulnerability which allows Web3 apps using the StarkEx protocol to bypass the security protection of private keys in MPC wallets, potentially exposing users’ layer 2 keys to wallet providers. When these applications obtain stark_key_signature and/or api_key_signature,” they are able to bypass security protections and perform unauthorized transactions like placing orders, performing layer 2 transfers, or cancelling orders without user consent or knowledge.
Working with App Developers To Patch Vulnerability
Safeheron is working with app developers in order to patch this vulnerability so that users’ layer 2 keys are not exposed when interacting with Web3 applications using the StarkEx protocol. It is important for all users who may be impacted by this exploitability issue should take precautionary measures until the issue has been resolved and patched properly in order for their funds remain secure from malicious actors online.
Multi-party computation (MPC) wallets offer an additional layer of security compared to single signature wallets since an attacker cannot generally hack them unless they compromise more than one device. However, it is important for users who may be affected by this exploitability issue should take precautionary measures until the issue has been resolved and patched properly in order for their funds remain secure from malicious actors online