Secret Network says it resolved risk from Intel hardware vulnerability
Quick Take
- The developers of Secret Network have resolved a vulnerability related to its use of Intel hardware.
- Security researchers flagged a vulnerability in Intel SGX chips used by Secret for privacy.
The developers of Layer 1 blockchain Secret Network said they resolved a security issue flagged by researchers who highlighted a vulnerability posed by Intel hardware the network used to enable privacy-preserving smart contracts.
Secret’s promised privacy apps may have been compromised due to a vulnerability in certain Intel SGX chips called xAPIC or ÆPIC Leak.
Intel SGX chips are commonly used by software firms for privacy computing. Secret’s blockchain nodes also use them to encrypt data in a software setup called a “trusted execution environment(TEE).” However, the presence of xAPIC vulnerability also meant hackers could potentially snoop on systems depending on SGX. To prove the risk faced by Secret, the researchers extracted a “consensus seed” to decrypt all private transactions on the Secret blockchain.
“We evaluated TEE-based blockchain Secret Network to see if it was susceptible to ÆPICLeak, and ended up finding the master decryption key for the whole network,” said Andrew Miller, a lead researcher of the report and Assistant Professor at the University of Illinois, Urbana-Champaign.
The researchers showed that it was possible that a malicious hacker could have also obtained all the transactional history on the network, contrary to Secret’s promise of full privacy.
No funds at risk
In a blog post, SCRT Labs, the developer of Secret Network, claimed that no such incident related to a privacy leak had taken place, to the best of its knowledge — adding the hardware vulnerability only affected the privacy of data stored on Secret Network not used to determine the consensus of the blockchain.
“Most importantly, funds were never at risk, because Secret intentionally does not rely on SGX for correctness – only privacy,” Guy Zyskind, CEO at SCRT Labs said.
The researchers first notified SCRT Labs of the vulnerability on Oct. 3. SCRT Labs acted to freeze new nodes to connect to the network to limit the exposure of the vulnerability.
Later, the blockchain firm worked with Intel to develop a patch to prevent vulnerable machines from connecting to the network. This solution was deployed on Nov. 2 via a network upgrade and now the network is secure, it said. “With this upgrade, it is now infeasible to mount xAPIC attacks against the Secret Network mainnet,” SCRT Labs claimed.
SCRT Labs said that it delayed the disclosure of the vulnerability to prevent any malicious hacker from exploiting the vulnerability while it worked on the patch.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.