Ethereum Vulnerability Allows Attackers to Execute RPC Calls Anonymously, Emptying Thousands of Wallets

June 28, 2019 – Giles Broom

Update

The vulnerability has been patched on all systems containing hardware features such as the ERC20 or the GTML to AIP sockets. Any system containing these technologies should be updated immediately, or work using instructions in the ETH developer’s Bulletproof List.

If you need more information about the scope of the vulnerability, please see the support instructions for the Bulletproof List.

Original Article

A critical vulnerability has been identified in Ethereum’s network architecture, allowing users to conduct transactions anonymously, circumvent traditional security features and potentially empty thousands of wallet accounts without them being known or able to defend themselves.

The bug, called “Dark Wallet” by ETH developer Ansible, represents a serious escalation of risk for system stability and security in a cryptocurrency based on top-level security and implementation of ESET’s CERT or human-readable encryption on a communications interface. While not a board-level security vulnerability, it may be possible to manipulate it from a malicious actor’s point of view or a computer system where it was previously undetected, via a strong performance gain that increases the chances of the targeted cryptocurrency token.

“Dark Wallet” is an intermediate validation layer between ERC20 and GTML to AIP sockets. The ERC20 provides the basic function of transactions in a Bitcoin implementation, while the GTML to AIP sockets create a user interface to the transaction confirmation process.

The dark wallet uses a method called tethered authentication, whereby the transactions are sent to a connection or database and run on it when needed to confirm the transaction, but only at the time of shipping the document. This prevents transaction confirmation from being interrupted. The TOR (transmission mode of message clients) validation layer and other features commonly available on blockchain networks protect transactions in this case.

However, Dark Wallet appears not to run properly on ESET’s distributed hash checker algorithm – a claim ESET and its affiliates cannot independently verify. Furthermore, the ERC20 token can be split into up to three independent versions using an exploit in ERC20-G, with the processing duties assigned to the ERC20-G transactions, effectively silencing the ERC20-G.

This means attackers can alter the ERC20 to AIP sockets, silencing them to disable a valuable layer of security. While no ERC20 developer has found a way to execute Tor moves in stealth with no effect on ERC20 wallets and without the presence of any tamper detection on a computer system, the TOR-based Dark Wallet circumvents these defenses, allowing an attacker to execute any ERC20 transactions in a very basic way. The exploit has the potential to make millions of ERC20 transaction requests in a single transaction, allowing these fake transactions to be executed anonymously in the same way as real transactions, opening a route to millions of ERC20 funds being emptied without people knowing about it.

Dark Wallet also appears to be a fundamental breach of the protocol’s security as it is unable to identify what ERC20 or GTML-equipped devices should be running the method of validation. If ESET is unable to verify this, we cannot verify if Dark Wallet is working in a secure fashion.

As well as being a major risk to Ethereum’s continued viability as a cryptocurrency, the dark wallet also has a direct impact on the authentication chain of the ERC20. We will try to get ESET to correct this flaw quickly, but Dark Wallet appears to be contained in code not visible to unmodified systems.

Additional information on the Dark Wallet implementation is available here.


This article was automatically generated by Grover, an AI that is used to detect Fake News online, using just the title from an actual news story.

Source of the title is my own imagination.