What are the “digital signatures” that the WazirX hackers accessed?

george

What are the “digital signatures” that the WazirX hackers accessed?

The WazirX hacker, who stole over $230 million (around Rs 1,900 crore) from a multi-signature wallet, managed to access the digital signatures required to process transactions to facilitate the hack. But what are these digital signatures? Unlike the scribbles of text that we usually identify as a signature, digital signatures are virtual signature algorithms. Much like human signatures, these digital signatures prove the authenticity of each command associated with a cryptographic transaction.

How do digital signatures work?

As a mathematical tool for authentication, digital signatures contain many details related to any transaction. These details include proof of origin, time of initiation, and status of any digital document.

Based on asymmetric cryptography, a digital signature is created to verify information or a command. To create a digital signature, a pair of private and public keys must be created. While the private key is used to create the signature, the public key is used to verify the signature.

In general, digital signatures are dependent on a public key infrastructure (PKI). To generate a mathematically related private key and public key, public key algorithms such as Rivest-Shamir-Adleman can be used. Just as all human signatures are unique, this software also generates unique digital signatures, different from any other generated to date.

In March this year, WazirX published a blog detailing how crucial these digital signatures are in the blockchain sector. According to the Indian exchange, digital signatures enhance the security and authentication of transactions. The exchange also stated that the digital signature provides precise timestamps, eliminates the need for a centralized authority, and makes the verification process more time-efficient.

“If the signature is fully valid, it confirms that the user initiating the transaction is the rightful owner of the data,” the blog post reads. “The widespread adoption of blockchain, alongside the ongoing use of digital signatures, is shaping a future where decentralization, security, and transparency redefine the dynamics of online transactions.”

Disadvantages of implementing digital signatures

Implementing digital signatures in smart contracts or for transaction verification can prove to be a costly process, as both senders and recipients associated with a transaction will need to purchase digital certificates and verification software.

While digital signatures can be considered a safer option for implementing two-factor authentication (2-FA) in cryptocurrency transactions, they are not a foolproof security measure in the cryptocurrency sector.

In the case of WazirX, the hacker used the WazirX multi-sig wallet, which was under the supervision of Liminal Custody. The hacker, suspected of being part of the infamous North Korean group Lazarus, managed to gain access to the signatures needed by both parties to approve the transaction and facilitated the attack.

Affiliate links may be generated automatically – see our ethics statement for details.

Source link

Leave a Comment

d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c d0c