From: thepipeline_xyz
Multisignature (multisig) systems, while designed to enhance security by requiring multiple keys to authorize a transaction, can still be vulnerable to sophisticated attacks, particularly through social engineering and access vulnerabilities. This was starkly demonstrated in the Ronin Network hack.
The Ronin Network Hack: A Case Study
The Ronin Network, a blockchain company, developed a popular game called Axie [00:00:00]. Its parent company was Sky Mavis [00:00:04]. In what might still be the largest hack in history, approximately half a billion dollars was drained [00:00:53], [00:00:56], [00:01:02].
How the Multisig Was Compromised
The hack originated from a phishing incident targeting a DevOps Engineer at Sky Mavis [00:00:10].
- Phishing Attack: The engineer received a job offer via email [00:00:13], [00:00:16].
- Malware Execution: The engineer clicked on an executable file within the offer [00:00:18].
- Initial Compromise: This created a critical single point of failure: through the engineer’s device, the attackers gained access to four of the keys required by the multisig [00:00:20], [00:00:23], [00:00:26].
- Multisig Structure: The multisig setup for Ronin required five out of nine keys to unlock it [00:00:37]. A multisig is essentially like a door that requires multiple keys to open, rather than just one [00:00:31].
- Key Acquisition:
  - Through social engineering, the attackers obtained four keys via the compromised engineer [00:00:41], [00:00:43].
  - To get the crucial fifth key, the attackers performed “lateral movement,” shifting from the initially compromised device to another device on the network [00:00:44], [00:00:47], [00:00:50].
- Full Compromise: Once all five keys were acquired, the attackers were able to compromise the system fully [00:00:52].
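The sequence above shows two separate properties of a threshold scheme: the signing rule itself (five distinct authorized keys, no fewer), and the custody layout that decides how many keys fall with one device or one network segment. The following Python is an added illustration, not code from the video or from Sky Mavis or Ronin; the key layout it audits is constructed to mirror only what the summary states (four keys reachable from one engineer's device, a fifth on another device in the same network) and the device and network names are hypothetical. It checks a 5-of-9 approval and then audits the custody map for any single device or network whose compromise would expose the threshold number of keys.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List

# A key's custody location: which device holds it and which network segment
# that device sits on. Lateral movement within one segment turns "one device"
# into "one network" as the unit of compromise.
@dataclass(frozen=True)
class KeyCustody:
    key_id: str
    device: str
    network: str


def threshold_met(approvals: Iterable[str], authorized: Iterable[str], threshold: int) -> bool:
    """The signing rule: at least `threshold` DISTINCT authorized keys must approve.
    Duplicates of one key and keys outside the authorized set do not count."""
    distinct = set(approvals) & set(authorized)
    return len(distinct) >= threshold


def max_keys_per(scope: str, custody: Iterable[KeyCustody]) -> int:
    """Largest number of keys that fall if one `scope` ('device' or 'network') is compromised."""
    counts = Counter(getattr(k, scope) for k in custody)
    return max(counts.values(), default=0)


def custody_findings(custody: List[KeyCustody], threshold: int) -> List[str]:
    """Report every scope in which a single compromise reaches the signing threshold."""
    findings = []
    for scope in ("device", "network"):
        n = max_keys_per(scope, custody)
        if n >= threshold:
            findings.append(f"one {scope} compromise exposes {n} keys (threshold is {threshold})")
    return findings


THRESHOLD = 5  # 5-of-9, as described in the summary

# Constructed custody map (hypothetical hostnames and segment names):
# four keys on one engineer's laptop, a fifth on another host in the same
# segment, the remaining four spread across separate devices and networks.
CONSTRUCTED_CUSTODY = [
    KeyCustody("k1", "devops-laptop", "corp-lan"),
    KeyCustody("k2", "devops-laptop", "corp-lan"),
    KeyCustody("k3", "devops-laptop", "corp-lan"),
    KeyCustody("k4", "devops-laptop", "corp-lan"),
    KeyCustody("k5", "build-server", "corp-lan"),
    KeyCustody("k6", "signer-a", "dc-a"),
    KeyCustody("k7", "signer-b", "dc-b"),
    KeyCustody("k8", "partner-laptop-1", "partner-net-1"),
    KeyCustody("k9", "partner-laptop-2", "partner-net-2"),
]
AUTHORIZED = [k.key_id for k in CONSTRUCTED_CUSTODY]


def hardened_custody(custody: List[KeyCustody], threshold: int) -> List[KeyCustody]:
    """Hypothetical remediation: relocate keys until no device or network holds
    more than threshold - 1 keys. Each surplus key is moved to its own isolated
    device and segment (placeholder names)."""
    per_device: Counter = Counter()
    per_network: Counter = Counter()
    fixed = []
    for i, k in enumerate(custody):
        if per_device[k.device] >= threshold - 1 or per_network[k.network] >= threshold - 1:
            k = KeyCustody(k.key_id, f"isolated-signer-{i}", f"isolated-net-{i}")
        per_device[k.device] += 1
        per_network[k.network] += 1
        fixed.append(k)
    return fixed


if __name__ == "__main__":
    print("4 keys approve:", threshold_met(["k1", "k2", "k3", "k4"], AUTHORIZED, THRESHOLD))
    print("5 keys approve:", threshold_met(["k1", "k2", "k3", "k4", "k5"], AUTHORIZED, THRESHOLD))
    for f in custody_findings(CONSTRUCTED_CUSTODY, THRESHOLD):
        print("FINDING:", f)
    print("after hardening:", custody_findings(hardened_custody(CONSTRUCTED_CUSTODY, THRESHOLD), THRESHOLD))
```

Run as a script, the approval check rejects the four keys from the laptop and accepts five; the custody audit reports nothing at device scope (four keys is below the threshold) but flags the network scope, which is exactly the gap lateral movement closed. After relocating the fifth key out of the shared segment the audit is clean, which is the segmentation property the CAUTION note below refers to.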
CAUTION
This incident highlights that even advanced security measures like multisig can be undermined if fundamental user security practices, such as vigilance against phishing and robust internal network segmentation, are not rigorously maintained. The attack demonstrates how a simple office email [00:00:58] can lead to massive financial damage [00:01:00].