• Radiant Capital urges users to revoke approvals on all chains to prevent further exploitation after the $50 million breach.

• Blind signing risks increase as hardware wallets often truncate transaction data, leaving users unaware of potential vulnerabilities.

• Diversifying signing devices and using trusted interfaces like Ledger Live can significantly reduce the risks of blind signing attacks.

Radiant Capital recently released a post-mortem report detailing a security breach that resulted in the loss of $50 million. The incident highlighted a vulnerability in the multi-signature signing process, where compromised external devices intercepted and replaced legitimate transactions with malicious payloads.

The attackers exploited blind signing, a common issue with hardware wallets. While Safe{Wallet} functioned as expected, compromised devices outside the interface intercepted and altered transaction data. This manipulation went unnoticed, leading to three valid signatures for the malicious transactions.

https://twitter.com/safe/status/1847253904246878553

Blind Signing Risks in Web3

Blind signing presents a major security concern in Web3 protocols. It occurs when users approve transactions without fully understanding the data. Many hardware wallets, constrained by limited display capabilities, truncate critical information, forcing users to approve transactions blindly.

Consequently, users can unknowingly sign off on malicious transactions. Radiant Capital's report emphasized the importance of verifying transaction details before signing. Blind signing compromises the transparency needed in secure blockchain transactions.

Collaborative Solutions to Enhance Security

Radiant recommends diversifying signing devices and using trusted interfaces like Ledger Live. This can help reduce blind signing risks by offering more transaction visibility. Furthermore, the company is exploring solutions to compute transaction hashes directly within Safe, giving users an additional verification step.

Additionally, collaboration with hardware wallet providers like Ledger and Trezor is essential to address this widespread issue. Ledger's "Clear Sign Everything" initiative is a step forward in mitigating blind signing vulnerabilities.

Moreover, Radiant urged its users to revoke approvals on all chains, including Arbitrum, BSC, Ethereum, and Base, to prevent further exploitation. The incident serves as a reminder that security in Web3 must evolve with the growing complexity of blockchain transactions.

There is a need for enhanced smart contract signature handling. Working together with users and developers can improve transaction visibility and safeguard assets in the decentralized ecosystem.

The post Radiant Capital Hack Exposes Blind Signing Vulnerabilities, Urges Users to Revoke Approvals appeared first on Crypto News Land.