BlockSec flags possible GitHub-exposed SGX signing key as trigger behind Taiko incident

ME News reported that on June 22 (UTC+8), BlockSec Phalcon published an initial assessment of the Taiko security incident. According to BlockSec, the likely root cause was the exposure on GitHub of the SGX enclave signing key used by Raiko, Taiko's multi-prover module. Because attestation verification trusted that key, the attacker allegedly used the leaked key to register SGX prover instances under their own control, bypass the attestation check, and forge state and signature proofs from those instances. The attacker then used forged source signals to mark fraudulent cross-chain messages as RETRIABLE and called retryMessage to withdraw canonical L1 assets from the ERC20Vault. (Source: Foresight News)