Alameda Research and Terra-Backed Privacy Protocol Was Vulnerable to User Data Exploit

A group of researchers found a critical exploit in the privacy protocol Secret Network that threatened to put at risk all user data from the transaction history. The exploit allowed researchers to extract a “consensus seed,” which allows for a “complete retroactive disclosure of all Secret-4 private transactions since the chain began.”

University Researchers Discovered a High-Risk Exploit Within Secret Network

Secret Network, a privacy protocol backed by the troubled crypto firms Alameda Research and Terraform Labs, reportedly had a critical exploit that put in jeopardy all user data since the chain’s inception. The exploit was discovered by a group of researchers from the University of Illinois Urbana-Champaign last month.

Researchers said the exploit allowed them to extract a “consensus seed” – a master decryption key that grants access to private transactions within the Secret Network. The researchers helped the privacy protocol to address the vulnerabilities in October, they added.

“Exposure of the consensus seed would enable the complete retroactive disclosure of all Secret-4 private transactions since the chain began. We have helped Secret Network to deploy mitigations, especially the Registration Freeze on October 5, 2022.”

Secret Network

Secret Network’s Flaws Exposed Using Machines Powered by Intel Chips

The privacy-focused protocol operates on a proof-of-stake (PoS) consensus model, the same mechanism Ethereum uses since the Merge, which relies on validators. As opposed to Bitcoin, which lets users join the network with proper equipment, Secret Network token owners pick 50 trusted intermediaries to maintain validating nodes that underpin the blockchain.

However, the exploit allowed the researchers to extract the consensus seed just by running a full node, which could have been done by anyone else. The researchers ran a full node by exploiting flaws in Intel’s Software Guard Extension (SGX) – a series of instruction codes built into some of the latest Intel processors.

By running full nodes, researchers were able to extract a complete copy of the blockchain and its consensus seed and download it onto the machine powered by flawed Intel processors. The Secret Network developer team known as SCRT Labs reportedly patched the bug earlier this month.

SCRT Labs also told users that it is unlikely that any bad actors have exploited the bug in the past, however, researchers said there are no methods to verify whether anyone has attacked the network before the patch. “SCRT Labs ‘fixed’ it now, but all past transactions are compromised,” they added.

This article originally appeared on The Tokenist