Slowmist means uncertainty that could lead to private key leakage

Slovmist identified critical safety bandwidth in a widely used encryption library, which could allow hackers to reverse private key engineers in applications that depend on.

Slovmista Security firm BlockcAine marked Critical security vulnerability in the JavaScript encryption library, usually used in crypto wallets (including MetamaskTrust Wallet, Ledger and Treasury), Identity Identity Identity systems Web3 Applications. Specifically, marked vulnerability allows attackers to extract private keys by manipulating specific inputs during the signature’s unique work, which could give them full control over digital means of victims or identity.

Typical Algorithm elliptical curve The process requires several parameters to generate digital signature: Message, private key and unique random number (k). The message has been hassed and then signed using a private key. As for random value K, it is necessary to ensure that even if the same message was signed several times, each signature is different – a similar way in which seal requires fresh ink for any use. Specific vulnerability identified by a slow motion that is incorrectly used for different messages. If K is used again, attackers can exploit this vulnerability, which can allow them Reverse engineer Private key.

Similar vulnerable in ECDSA led to a security violation in the past. For example, in July 2021. years, any Anivap protocol was endangered When the attackers used the weak ECDS signatures. They used the vulnerability of signatures for counterfeit, allowing them to withdraw funds from anisvap protocol, resulting in a loss of about $ 8 million.