Thursday, November 26, 2020

TronLink Wallet Suffers From Poor Encryption, Says Researcher

In brief

  • Jean-Philippe Aumasson has revealed a potential vulnerability inside the code for the TronLink wallet.
  • According to Aumasson, it uses a weak level of encryption.
  • If an attack was successful, a victim’s Tron cryptocurrency could be taken straight from their wallet.

Jean-Philippe Aumasson, CSO and co-founder of Taurus, a Swiss fintech company specializing in secure digital infrastructure for cryptocurrencies and digital assets, discovered a potential vulnerability in popular Tron wallet TronLink yesterday.

Blockchain platform Tron has previously been accused of not taking security seriously. In early 2018, there were claims that Tron had plagiarized its white paper. This time, the alleged vulnerability sits in the underlying code for its endorsed TronLink wallet, and according to Aumasson, it has gone undetected.

“[These are] basic shortcomings in crypto that any competent auditor would have spotted,” Aumasson told Decrypt.

A mnemonic is a list of 12 words that can be turned into a private key, which controls access to some cryptocurrency. Aumasson claims that TronLink’s mnemonics are poorly encrypted.

“Looks like the official Tron wallet uses AES-ECB to encrypt the 12-word mnemonic,” Aumasson tweeted.

AES-ECB refers to the cipher and mode used to encrypt the 12-word mnemonic: the AES block cipher run in Electronic Codebook (ECB) mode. The reason this is a poor choice, according to Aumasson, is that ECB mode fails to protect encrypted data successfully. “The ECB mode treats each data block independently, whereas there should be some correlation between the blocks in order to guarantee the higher form of security,” Aumasson said.

ECB has long been criticized by multiple security researchers for being a weak form of security. As cybersecurity firm NotSoSecure described it, “ECB is the simplest and a popular encryption mode, but at the same time, quite weak.”
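The block independence described above can be seen directly. The following is an added example, not code from TronLink or from Aumasson: it encrypts two constructed 12-word lists under AES-ECB and counts the ciphertext blocks they share, then does the same with AES-256-GCM. The key, the word lists, all function names and the choice of GCM as the comparison mode are assumptions of this example.

```javascript
const crypto = require('crypto');

// Constructed sample data, not taken from TronLink: a fixed demo key and two
// 12-word lists (not real BIP39 phrases) that differ only in the last word.
const KEY = Buffer.alloc(32, 7);
const MNEMONIC_A = 'alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima';
const MNEMONIC_B = 'alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo mike';

// Weak pattern: AES in ECB mode. No IV, no authentication tag.
function encryptEcb(key, text) {
  const c = crypto.createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([c.update(text, 'utf8'), c.final()]);
}

// Split a buffer into 16-byte AES blocks, as hex strings.
function blocks(buf) {
  const out = [];
  for (let i = 0; i < buf.length; i += 16) out.push(buf.subarray(i, i + 16).toString('hex'));
  return out;
}

// Count block positions at which two ciphertexts are identical.
function sharedBlocks(a, b) {
  const other = blocks(b);
  return blocks(a).filter((blk, i) => blk === other[i]).length;
}

// Authenticated alternative (an assumption of this example, not a fix named on
// the page): AES-256-GCM, fresh random nonce. Output is nonce || tag || body.
function encryptGcm(key, text) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Throws if the nonce, tag or body was modified after encryption.
function decryptGcm(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

const ecbA = encryptEcb(KEY, MNEMONIC_A);
const ecbB = encryptEcb(KEY, MNEMONIC_B);
console.log('ECB blocks shared by A and B:', sharedBlocks(ecbA, ecbB), 'of', blocks(ecbA).length);
console.log('ECB repeatable:', ecbA.equals(encryptEcb(KEY, MNEMONIC_A)));
console.log('GCM repeatable:', encryptGcm(KEY, MNEMONIC_A).equals(encryptGcm(KEY, MNEMONIC_A)));
```

Under ECB the two word lists produce four identical ciphertext blocks out of five, and the same input always yields the same output; under GCM every encryption differs and a modified ciphertext fails to decrypt.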

The attack would need to happen locally, on the victim’s own device. This is because it’s not a problem with the underlying blockchain network—which can be accessed from anywhere. If successful, a hacker would be able to access the victim’s Tron cryptocurrency and send it to their own address.

While Aumasson acknowledged that this doesn’t affect all Tron holders, it does affect those who use this particular wallet. “It’s not a niche application used by 15 persons,” he added.

If Aumasson is right, Tron holders might want to take precautionary action. He suggested Tron holders consider three potential choices in light of these findings. “I’d encourage Tron holders to a) ensure that the issue is mitigated by the wallet developers in the next release, b) ensure that they have strong passwords, c) consider alternative wallet applications,” Aumasson said. 

We have reached out to TronLink for comment on this story, and will update this article if we hear back. 
