Category: Cryptanalysis

Cryptographic applications and cryptocurrency wallets have critical components such as key generation, encryption/decryption, transaction signing, etc. These components should be the main targets for fuzz testing. Using fuzz testing in cryptographic applications and cryptocurrency wallets helps identify and fix vulnerabilities, increasing the security and reliability of the software. Fuzzing testing (or simply Fuzzing) is a software testing method that…

In this study, we will look at the DeserializeSignature vulnerability, which allowed attackers to create invalid ECDSA signatures on the Bitcoin network. In cryptography, an ECDSA digital signature is a mathematical scheme that allows you to prove the authenticity of a digital message or document. In the Bitcoin network, signatures are used to authorize transactions, confirming that…

In this article we will look at an example of a method Gauss-Jacobithat uses modern technologies, such as a pre-trained model Bitcoin ChatGPT, which allows us to more effectively solve complex problems in the field of digital technologies. It is important to note that alternative algorithms such as Gauss-Jacobiplay a key role and open new horizons for the development of…

Bitcoin is the world's first decentralized digital currency, and it has revolutionized the way we think about money. One of the most fascinating aspects of Bitcoin is the vast array of utilities that have been developed to support it. These utilities are designed to help users interact with the Bitcoin network in a safe and secure manner,…

In this article we will cover a broad topic: “Dust Attack” known as: "Dusting Attack"or "Crypto Dust". Perhaps every cryptocurrency user or holder of a large amount of BTC, ETH coins replaced the receipt of an insignificantly small amount of coins in satoshi on their cryptocurrency wallet , this receipt is disguised as "Donate", but in fact it is a whole mathematically refined system for taking…

In this article, we will use the classification of common attack patterns from the cybersecurity resource [CAPEC™] . The “Padding Oracle Attack” was first discussed on Wallet.dat back in 2012 (on the vulnerability management and threat analysis platform “VulDB” ) . The problem of the most popular Bitcoin Core wallet affects the work  AES Encryption Paddingin the file Wallet.dat The technical details of this attack are known: https://en.wikipedia.org/wiki/Padding_oracle_attack An attacker can effectively decrypt…

In this article, we will focus on a smartphone application iOS and Android the popular Bitcoin Wallet that supports fast payments through (Lightning network) BLW: Bitcoin Lightning Wallet . Unfortunately, many autonomous nodes of the open source mobile application from LNbits Node Manager and Core Lightning are exposed to a HIGH RISK of losing all funds in various cryptocurrency coins. Developer David Shares from the Japanese company Bitcoin Portal has published many documents .…

Slowmist researchers conduct regular research into the security of the Bitcoin blockchain . They disclosed a vulnerability in the Libbitcoin Explorer 3.x library , which allowed attackers to steal more $ 900 000 from Bitcoin Wallets ( BTC ) users. According to analysts, this vulnerability may also affect users  Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash и Zcash,who use it Libbitcoin to create accounts. Researchers gave the code name for this vulnerability " Milk Sad " Было…

In this article we will look at a series of web server software vulnerabilities discovered in the  GNU Bash program  . Many Internet services , including Bitcoin blockchain web servers, use Bash to process some requests, for example when executing  CGI scripts . The vulnerability allows an attacker to execute arbitrary commands by gaining unauthorized access to computer systems, which allows the attacker to extract private…

In this article, we will look at a bug in the DAO code. The hacker exploited a bug in the code of the DAO and stole more or less $50 million worth of ether. I will focus here only on the main technical issue of the exploit: The fallback function. For a more detailed and advanced recount…