A vulnerability on Secret Network – Your secrets are badly kept
A poorly guarded secret is that several different blockchains are attempting to build in native support for anonymity and the protection of private life. Nevertheless, not every technological advancement is made equal. The project Secret Network recently learned this lesson the hard way when research drew attention to the constraints imposed by its concept.
Technology based on the SGX Secret Network
The Secret Network claims to be the first blockchain to offer fully configurable privacy settings. Each user can define what they want to share, with whom they want to share it, and to what extent they want it shared.
In fact, Secret Network offers privacy protection by coupling the Intel SGX technology with a number of different encryption protocols.
SGX is a technology that was created by the corporation Intel, as one may guess from its name. Because of this, it is possible to create execution-safe zones in memory (also called enclaves). These enclaves are utilized to keep the content from being executed and to prevent information from being accessed by a process that is running on the outside.
SGX’s proposed solution does not appear to be impregnable, which is a great disappointment. Researchers from the University of Birmingham have been successful in circumventing SGX security by November 2020.
To make matters even worse, they are by no means the only ones to have accomplished this goal. Since 2017, there have been at least 8 separate instances where the security of SGX has been breached.
Challenges to the security of the Secret Network
Unfortunately, the difficulties caused by the vulnerabilities in SGX are manifesting themselves at the level of the Secret Network.
Ten researchers have just recently published a report that, among other things, demonstrates SGX’s inability to protect data in several applications. According to the findings of their research, Secret Network would be susceptible to two different types of vulnerabilities (APIs and MMIO). These two security flaws were brought to the attention of the general public in August of 2022.
“The consensus seed could be obtained by exploiting these flaws. This is the master decryption key for all of the private transactions that take place on the Secret Network.
This a significant challenge because the disclosure of this key would make it possible for “complete retroactive exposure of all Secret Network private transactions.”
Fortunately, the researchers got in touch with the teams working on the Secret Network so that they could brainstorm potential solutions to the problem.
Even though the method that was used appears to be effective, we cannot rule out the possibility that an attack was carried out before the patch was delivered. In light of this potential danger, the researchers have issued a warning to users of the Secret Network.
“We strongly encourage customers who are concerned about their privacy to reevaluate their risks in light of the fact that their previous transactions may be disclosed.”
The teams working on the Secret Network, on the other hand, appear to be keeping in touch. The latter stated that they had resolved the issue, but they did not address the fact that an assault might have been carried out upstream of the repair.
The safeguarding of individuals’ right to personal privacy is at the center of the discussions. After making some adjustments to its privacy policies not too long ago, the massive company MetaMask set off a firestorm of controversy. As a result, members of the community voiced their disapproval of Infura and MetaMask for gathering the users’ IP addresses.
Hacks and other forms of malicious activity don’t merely affect other people. It is in your best interest to keep the safety of your cryptocurrency under your sole control at all times. It is recommended that you acquire a safe hardware wallet from Ledger before going to bed. Ledger offers a variety of options to accommodate a variety of budgets. Your safety is of the utmost importance (commercial link).