A recent hack endangered the security of 14,545 Tron crypto wallets, putting millions of dollars in virtual assets at risk. The attack revealed vulnerabilities in the UpdateAttackPermissions feature, making accounts susceptible without the owners knowing.
Tron Crypto Wallets Hack
The hack affected about 14,545 Tron crypto wallets, compromising millions in virtual assets. According to AMLBot, in Q4 2024, around 2,130 wallets were risked through the vulnerability in the UpdateAttackPermissions feature. Unlike traditional hacks that quickly relocate funds, this hack allows attackers to control wallets stealthily.
Enhancing Account Security
The UpdateAccountPermission transaction on Tron aims to enhance account security with multi-sig-like functionalities. This feature enables account owners to assign specific roles to keys, define their weight values, and set transaction authorization thresholds. However, when a key is compromised, the account becomes vulnerable: a hacker can add their key to reach the transaction threshold without the owner's consent.
Exploitation of Common Functions
Exploitation of blockchain functions is not exclusive to Tron. On Ethereum, bad actors exploit common functions such as 'approve' and 'permit' essential for decentralized finance platforms. Phishing attacks using these can lead to significant losses. As of November 2024, blockchain phishing scams resulted in $9.38 million in losses, with $7 million attributed to Ethereum.
The recent hack highlights vulnerabilities in innovative account management features on Tron, emphasizing the importance of security and user awareness amid the ongoing rise of cyberattacks.
