SlowMist Uncovers Critical Flaw in Popular Encryption Library
Blockchain security experts at SlowMist have discovered a significant vulnerability in a widely-used encryption library. This flaw could enable hackers to steal private keys from various applications, including popular crypto wallets like MetaMask and Trust Wallet.
The issue lies within the JavaScript elliptic encryption library.Attackers can exploit it by manipulating specific inputs during a single signature operation. This allows them to extract private keys, potentially gaining full control over a victim’s digital assets or identity credentials.
SlowMist flagged this critical vulnerability, identified as GHSA-vjh7-7g9h-fjfh, on March 5, 2025. The flaw occurs when a unique random number, k, is mistakenly reused for different messages. Normally, k ensures each signature is unique, like using fresh ink for every stamp. If k is reused, attackers can reverse engineer the private key.
Similar vulnerabilities have caused security breaches in the past.For instance, in July 2021, the Anyswap protocol lost around $8 million when attackers exploited weak ECDSA signatures to forge transactions.
To protect your digital assets, ensure your applications and wallets are updated with the latest security patches. Stay informed about such vulnerabilities to safeguard your crypto investments.
