Improving the security of the Signum chain
Or how software and hardware development is challenging today’s blockchain. A battle about secure encryption.
With the ongoing development of software and hardware, we are constantly reviewing the current situation on our Signum chain.
One concern is that accounts with no public key get only 64-bit protection, which makes them less safe as time passes in the current technology environment.
A public key will set military-grade encryption on the account and make it future-proof. A public key is formed by an outgoing transaction or by using the activation service in any of Signum’s current wallets.
As part of this latest upgrade, we restricted regular payments to accounts without any public key to protect users and funds on the Signum chain. Because we see a very high risk to the funds held in accounts without a public key, we activated this protection with the new Signum node version 3.6.0 on Friday, 06th of January 2023.
With this move, accounts created from now on are taken care of.
We usually would not make such a blitz upgrade without justification!
Signum has been under attack since December 2022 by an attacker group that tried to crack accounts with no public key, using unknown software and what we can only assume is a massive hardware operation.
On the 26th of December, the first suspicious account was detected cleaning old accounts with no public key (Explorer).
The Signum Network Core team had enough evidence that someone or a group was cracking old accounts and selling the spoils via exchanges or PancakeSwap. At that time, 45M coins were still on those accounts without a public key.
The exchanges were informed about the suspicious transactions, and the monitoring of the account cracking showed that it ran faster over time, with 2 to 3 accounts cracked per hour.
Meanwhile, the cracking group found another account with a considerable amount, so the unprotected balance shrank to 39M.
To protect the remaining balances with no public key, we implemented emergency protection on the protocol level to prevent such cracking of funds. Accounts which are older than one year and have no public key are temporarily frozen. We finally protected 37,739,407.4428 Signa with that move.
Please note this decision was not made lightly, but with the potential for this attacker’s actions to affect all Signum users, it was essential to protect the blockchain and users while we still had time.
We also wanted to keep the stolen funds on the chain and gain time to discuss with the community what we should do with them, how to unlock the balances, and possibly refund part of the stolen funds using the account balances from the attacking group. In this case, we locked the cracker accounts on the protocol level. We finally protected 15,003,152 Signa.
After the release, we can state the following:
The attacker group stole around 44 Million Signa beginning in December 2022!
They sent the following amounts to exchanges, as far as trackable:
- Bittrex 15,901,855.74 Signa
- STEX 1,326,702.92 Signa
- WSigna 820,000 Signa
We froze 15,003,152 Signa.
The rest of the 13 Million is currently unknown.
Finally, we stopped the attack and made the Signum chain safer than before. With the latest upgrade of the Signum node to version 3.6.0, a weak encryption pattern was handled, making the funds safe.
Now, as the exchanges are doing their jobs with compliance and law enforcement, we have gained time to discuss what we should do with the less protected 37M and the 15M from the attacker accounts. It is now a community call to decide what we should do next!
Signum is the world’s first truly sustainable blockchain, featuring world-class applications on a sustainable leading-edge blockchain architecture. Compared to other cryptocurrencies, Signum powers its native cryptocurrency Signa (SIGNA), with a minor fraction of energy use and e-waste. Signum empowers users and developers around the world with innovative blockchain solutions for everyday life.
SNA is a Swiss Not-for-Profit Organization founded in 2021 to provide a solid foundation for Signum to grow and fulfil its vision of sustainability and innovation in blockchain technology.