The post HashEx Security Alert – A Single Signature Could Drain Your Wallet appeared on BitcoinEthereumNews.com.

HodlX Guest Post

Zero days without incidents in the DeFi space. This time the vulnerability was discovered in the widely used ‘elliptic’ library. What makes matters worse – its exploitation could lead to hackers taking control of users’ private keys and draining wallets. All through a simple fraudulent message signed by a user.

Is this a critical issue?

The first thing to consider is the fact that libraries like elliptic provide developers with ready-made code components. This means that instead of writing the code from scratch and checking it as they go, developers just borrow the elements they need. While it’s considered to be a safer practice, since the libraries are continuously used and tested, this also increases the risks if one vulnerability gets through.

The elliptic library is used extensively across the JavaScript ecosystem. It powers cryptographic functions in many well-known blockchain projects, web applications and security systems. According to NPM statistics, the package containing the error is downloaded approximately 12–13 million times weekly, with over 3,000 projects directly listing it as a dependency.

This broad usage implies that the vulnerability potentially affects a vast number of applications – especially cryptocurrency wallets, blockchain nodes and electronic signature systems – as well as any service relying on ECDSA signatures through elliptic, especially when handling externally provided input.

This vulnerability allows remote attackers to fully compromise sensitive data without proper authorization. That’s why the issue received an extremely high severity rating – approximately nine out of 10 on the CVSS scale.

It’s important to point out that exploiting this vulnerability requires a very specific sequence of actions and the victim must sign arbitrary data provided by the attacker. That means that some projects may remain safe, for example, if an application only signs predetermined internal messages. Still, many users…
2025-04-05T03:42:08+00:00
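
An added example, not part of the original post or of the elliptic project: because the exposure described above reaches applications through both direct and transitive dependencies, this Node.js function lists every installed copy of elliptic in an npm lockfile and the packages that declare it. The lockfile layout (lockfileVersion 2 or 3), the name findElliptic and the sample lockfile with its package names and versions are assumptions constructed for illustration.

```javascript
// Inventory every installed copy of a package (default: elliptic) in an npm
// lockfile. Assumes lockfileVersion 2 or 3: a "packages" map keyed by install path.
function findElliptic(lock, target = "elliptic") {
  const packages = lock.packages || {};
  const suffix = "node_modules/" + target;

  // The version range a manifest declares for the target, if any.
  const declared = (meta) =>
    [meta.dependencies, meta.devDependencies,
     meta.optionalDependencies, meta.peerDependencies]
      .map((deps) => deps && deps[target])
      .find(Boolean);

  // Every physical copy on disk, hoisted or nested under another package.
  const copies = Object.entries(packages)
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));

  // Every package (other than the root project) that pulls the target in.
  const dependents = Object.entries(packages)
    .filter(([path, meta]) => path !== "" && declared(meta))
    .map(([path, meta]) => ({
      name: path.split("node_modules/").pop(),
      range: declared(meta),
    }));

  // direct: the root project itself lists the target in its manifest.
  return { direct: Boolean(declared(packages[""] || {})), copies, dependents };
}

// Constructed sample lockfile; package names and versions are not real releases.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet", dependencies: { "wallet-sdk": "^1.0.0" } },
    "node_modules/wallet-sdk": {
      version: "1.0.0",
      dependencies: { elliptic: "^0.0.0-sample.2", "ec-utils": "^2.0.0" },
    },
    "node_modules/ec-utils": {
      version: "2.0.0",
      dependencies: { elliptic: "0.0.0-sample.1" },
    },
    "node_modules/elliptic": { version: "0.0.0-sample.2" },
    "node_modules/ec-utils/node_modules/elliptic": { version: "0.0.0-sample.1" },
  },
};

console.log(JSON.stringify(findElliptic(sampleLock), null, 2));
```

On a real project, pass the parsed contents of package-lock.json and compare each reported version against the fixed release named in the library's advisory.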