Cryptocurrency

Researcher Discovered Vulnerability In TronLink Wallet

Navigation

Researcher Discovered Vulnerability In TronLink Wallet

Researcher Discovered Vulnerability In TronLink Wallet
CONTENT

  • Jean-Philippe Omasson Discovers TronLink Wallet Uses Weak Form of Encryption

  • Tron platform has already been criticized for neglect of security issues

  • Tron holders should consider the safety of their funds

International consortium of news organizations developing transparency standards.

Taurus Director of Strategic Planning and Development Jean-Philippe Omasson discovered that popular TronLink wallet uses a simple but weak form of encryption. 

Researcher Discovered Vulnerability In TronLink Wallet

CSO and co-founder of Taurus, a Swiss fintech company specializing in secure digital infrastructure for cryptocurrencies and digital assets, has identified a potential vulnerability in the TronLink wallet owned by the well-known Tron project.

The blockchain platform Tron has previously been criticized for its negligence on security issues. So, at the beginning of 2018, plagiarism was found in the white paper of the project. This time, the alleged vulnerability is in the underlying code of the TronLink wallet, which Omasson says went unnoticed:  

These are superficial basic flaws that any competent auditor will find.. 

A mnemonic code is a list of 12 words that can be used to create a private key that controls access to cryptocurrency. Omasson claims that the TronLink mnemonic encryption is very weak:

Apparently, the official Tron wallet uses AES-ECB encryption for the mnemonic code. 

AES-ECB encryption refers to the code used for 12-word encryption. As Omasson explains, this is a poor choice because ECB mode doesn’t really protect encrypted data enough. This mode applies to each block of data separately, and to ensure safety, there must be a certain correlation between these blocks.. 

The ECB regime has long been criticized by numerous security researchers. For example, NotSoSecure called this type of encryption the simplest and most popular and at the same time very weak.. 

With this encryption mode, a hacker can carry out a local attack by hacking the user’s own device and thus effortlessly transfer the Tron cryptocurrency to his address.. 

Researcher Discovered Vulnerability In TronLink Wallet

Omasson emphasizes that this vulnerability does not apply to all Tron holders, but only to users of this wallet..  

According to the researcher, Tron users will benefit from taking precautions and making sure the developers fix the problem in the next wallet update, acquire strong passwords and consider alternative wallet applications..

 

Disclaimer

All information contained on our website is published in good faith and objectivity, and for informational purposes only. The reader is solely responsible for any actions he takes based on the information received on our website..

Share Article

Similar articles

Similar articles