
A security vulnerability on decentralized exchange, Loopring, was identified and quickly patched before it could be exploited.
On May 7, Blockchain scalability and privacy specialist, Starkware, discovered a critical security vulnerability in the frontend wallet of Loopring’s decentralized exchange. This bug placed all $5 million worth of the exchange’s funds at risk.
Starkware alerted Loopring, who shut down the exchange and swiftly fixed the bug.
Potential attacker could create all user account keys
The vulnerability arose because Loopring users have two keys; an Ethereum key and a proprietary account key. However, the frontend wallet used a 32-bit integer to derive each user’s private key. This could have potentially allowed an attacker to reproduce every key on the platform.
After Starkware demonstrated the flaw to Loopring, the exchange sprung into action, immediately closing down the platform while a fix was put in place.
Loopring users’ Ether (ETH) account keys were not exposed by the vulnerability.
Pats on the back all round
Loopring announced that it has since patched the security flaw by strengthening the method by which keypairs are produced. It has also stopped order matching from existing users until they have changed their trading passwords, and hence updated their keypairs.
Loopring confirmed that no user funds were lost due to the vulnerability, and commended Starkware for its responsible disclosure. Starkware in turn, praised Loopring for its professional and timely response in dealing with the bug.
The fact that it was identified, communicated and fixed before the general public found out shows both the solidarity of the Decentralized Finance (DeFi) community, and how it has developed in recent years.
Ross Middleton, CFO of DeversiFi, which is soon to launch a new platform in collaboration with Starkware, explained the importance of this:
“If non-custodial decentralised exchanges want to take on exchanges like Binance and Kraken then they [must] demonstrate that their technology is just as safe or safer to use than existing options. Starkware’s quick discovery of a vulnerability in Loopring is an example of how much DeFi has matured in handling exploits.”
Source: , CoinTelegraph

Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.