According to Ripple’s press release on January 16, only Ripple (XRP) software libraries that were generated prior to August 2015 are susceptible to attack. This was its response to a research paper which had revealed that after the Ripple Blockchain was scanned, one private key was vulnerable.
Cryptanalysis on Bitcoin, Ripple, and Ethereum Blockchain
Joachim Breitner from DFINITY Foundation, Zug, and Nadia Heninger from the University of California, San Diego are the authors of the paper. These researchers claim to have carried out a cryptanalytic attack against signatures on the Bitcoin, Ethereum, and Ripple Blockchain.
Here, they made reference to the security of Elliptic Curve Digital Signature Algorithms (ECDAs) which is employed by these digital assets. According to the researchers, ECDAs rely on a generated signature value called nonces. The generation of nonces must be unbiased which means that more than one signature value is not created for a private key in order not to lead to a loophole.
Repeated Nouces in Ripple Could Cause Security Issues
In the case of Ripple, the researchers said they were able to access 571,482 unique public keys. Among them, 379,575 hav repeated signatures values. This led to the discovery of a private key which had a repeated nonce. As such, the account of the owner could be hacked and its funds of 30.40 XRP could be illegally obtained.
The report, on the other hand, hand states that this attack can be prevented by:
Using deterministic ECDSA nonce generation, which is already implemented in the default Bitcoin and Ethereum libraries
While responding to the paper, Ripple confirmed that the generation of the deterministic nonce in their software, as the paper suggests, began in August 2015. That being so, addresses are no longer vulnerable to attack since they have taken advantage of the newer software libraries.
Cryptocurrency Exchange Gets Attacked
Software vulnerability issues could pose a lot of threats. An instance is the case of Cryptopia, a New Zealand cryptocurrency exchange that was hacked on January 14. Although clients are still uninformed of how the breach occurred, law officials in the area have begun an investigation.
BTCNN on January 11 reported a similar event of Beam Wallet, a hardware cryptocurrency storage which was said to be compromised even though reports reveal that funds were not been stolen. Nevertheless, people in the United Arab Emirates (UAE) who are the vast majority of users of the wallet were asked to uninstall it and download a newer version.