InfStones Fixes Vulnerabilities Identified by dWallet Labs

Blockchain infrastructure provider InfStones has announced its success in fixing vulnerabilities identified in its system by security firm dWallet Labs.

dWallet Labs reportedly found vulnerabilities in InfStones’ validators. According to dWallet Labs, it detected them while preparing a research paper on attacking blockchain networks and collecting private keys with Web2 attacks.

“A chain of vulnerabilities we discovered and exploited during our research allowed us to gain full control, run code, and extract private keys of hundreds of validators on multiple major networks,” it noted.

dWallet asserted that, had the vulnerabilities been exploited, an attacker would have gained access to and control of the private keys of validators for several blockchain networks. dWallet noted that crypto assets worth about one billion dollars could have been lost through this process.

InfStones Acknowledges Vulnerabilities, Disputes Extent

While acknowledging the threat, InfStones disputed the figures quoted. The blockchain infrastructure provider stated that the vulnerabilities only affected a fraction of their launched live nodes.

In a statement published on the company blog, InfStones noted it discovered the potential threats in 237 instances. Of these, 212 were nodes used for testing purposes, while 25 instances affected freshly launched nodes.

Further, the company outlined the steps it took to immediately fix the vulnerabilities. Aside from taking down the affected port and others like it, InfStones rotated all credentials and keys within the platform. Subsequently, InfStones explained it conducted an internal review revealing no further threats. The blockchain infrastructure provider also invited an external security firm to audit its systems and company policies.

Finally, InfStones reminded its customers that the platform is non-custodial, thus limiting client exposure in case of platform vulnerabilities.

Securing Against Future Exploits

The identified threat represents one significant way malicious actors have tried to steal from blockchain and digital asset companies.

According to CertiK, malicious actors targeting the crypto space have stolen more than $1.34 billion year-to-date (YTD). More than $596 million of that came from exploits. The rest included flash loan attacks, brute force attacks, exit scams, and others.

Invariably, the rise in crypto exploits suggests the need for blockchain platforms to deploy more resources to ensure their security. It’s thus not surprising that InfStones took further steps after its internal review and external audit.

The firm followed up by acquiring the SOC 2 Type I attestation, confirming the firm’s compliance with AICPA standards. It also launched a Bug Bounty Program, encouraging third parties to help identify and fix all security weaknesses.

2023-11-21 16:42