Ripple: Only XRP Private Keys That Used Software From Before August 2015 Are Vulnerable

Ripple (XRP) software libraries published before August 2015 potentially rendered private keys which signed multiple transactions vulnerable, Ripple announced in a statement released on Jan 16.

Recent research jointly conducted by the DFINITY Foundation and the University of California revealed that a portion of Bitcoin (BTC), Ethereum (ETH) and Ripple addresses are vulnerable.

As is known among cryptographers, the security of the Elliptic Curve Digital Signature Algorithm (ECDSA) employed by the aforementioned cryptocurrencies is highly dependent on random data known as nonces. The research further explains:

“It is well known that if an ECDSA private key is ever used to sign two messages with the same signature nonce, the long-term private key is trivial to compute [crack].”

The researchers claim to have successfully hacked hundreds of Bitcoin, some Ethereum, SSH (remote control for Unix-like systems) and HTTPS private keys, and one XRP private key, thanks to so-called biased nonces (nonces with a low degree of randomness). As the researchers explain, the consequences of such vulnerabilities are vast:

“In the case of cryptocurrencies, these keys give us, or any other attacker, the ability to claim the funds in the associated accounts. In the case of SSH or HTTPS, these keys would give us, or any other attacker, the ability to impersonate the end hosts.”

Still, the paper explains that such vulnerabilities can be prevented:

“All of the attacks we discuss in this paper can be prevented by using deterministic ECDSA nonce generation, which is already implemented in the default Bitcoin and Ethereum libraries.”

According to Ripple, deterministic nonce generation has also been part of its software since August 2015. As a result, addresses that interacted with the blockchain using the newer software libraries are safe from this vulnerability.
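Deterministic nonce generation, the mitigation named above, shown as an added example (not code from Ripple, the paper or any wallet library): it follows RFC 6979 section 3.2 with HMAC-SHA256 over secp256k1 and compares the result with a low-entropy nonce source. The key, the messages and the 8-bit `weak_nonce` source are constructed for illustration.

```python
import hashlib
import hmac
import random

# Group order of secp256k1, the curve used by Bitcoin and Ethereum.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def rfc6979_nonce(priv: int, msg: bytes) -> int:
    """Derive the ECDSA nonce from key and message (RFC 6979, section 3.2)."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    x = priv.to_bytes(32, "big")
    digest = hashlib.sha256(msg).digest()
    # bits2octets(H(m)): the digest reduced mod N, encoded as 32 bytes
    h = (int.from_bytes(digest, "big") % N).to_bytes(32, "big")
    v, k = b"\x01" * 32, b"\x00" * 32
    k = _mac(k, v + b"\x00" + x + h)
    v = _mac(k, v)
    k = _mac(k, v + b"\x01" + x + h)
    v = _mac(k, v)
    while True:
        v = _mac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < N:
            return candidate
        k = _mac(k, v + b"\x00")  # out of range: re-key and try again
        v = _mac(k, v)

def weak_nonce(rng: random.Random) -> int:
    """Constructed stand-in for a low-entropy nonce source: only 8 bits vary."""
    return 1 + rng.getrandbits(8)

def repeated(nonces) -> int:
    """Number of nonces that duplicate an earlier one in the sequence."""
    return len(nonces) - len(set(nonces))

# Constructed sample data: one key signing 2000 distinct messages.
PRIV = int.from_bytes(hashlib.sha256(b"constructed test key").digest(), "big") % (N - 1) + 1
MESSAGES = [b"tx-%d" % i for i in range(2000)]
DETERMINISTIC = [rfc6979_nonce(PRIV, m) for m in MESSAGES]
_rng = random.Random(0)
WEAK = [weak_nonce(_rng) for _ in MESSAGES]

if __name__ == "__main__":
    print("repeats, RFC 6979:", repeated(DETERMINISTIC), "| weak source:", repeated(WEAK))
```

Because the nonce is a function of the private key and the message, signing the same message twice yields the same signature, and distinct messages get distinct nonces without relying on the quality of a random number generator at signing time.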

While cryptography is far from perfect, centralized systems like exchanges and single computing systems are successfully attacked much more often than private keys, the research states. The paper further notes that during the research, access was obtained to only about $54 of BTC and $14 of XRP.

As Cointelegraph reported yesterday, the New Zealand cryptocurrency exchange Cryptopia has suspended services after detecting a major hack that has reportedly resulted in significant losses.

Also, news recently broke that a spate of ransomware attacks estimated to have earned hackers 705.08 Bitcoin ($2.5 million) likely came from Russian cybercriminals, not North Korean state-sponsored actors as initially thought.
