The Tron Foundation, one of the largest blockchain-based operating systems worldwide, was recently affected by a critical bug that could have brought down its blockchain network.
According to a disclosure update on the HackerOne platform, a hacker with a single computer could maliciously consume the CPU power of the TRX network by embedding faulty “bytecode” (a code format recognized in the Tron network) in a smart contract. This would ultimately amount to a Distributed Denial of Service (DDoS) attack on the system, overfilling its available memory and effectively crashing the blockchain network at that moment.
“Using a single machine an attacker could send DDOS attack to all or 51% of the SR node and render Tron network unusable or make it unavailable.” The disclosure provided an extensive explanation of the attack process.
The vulnerability was initially flagged on January 14th, was then handled, and was only recently revealed to the community. The cybersecurity researcher who found the bug was later rewarded with a $1,500 bounty. A second bounty, worth $3,100, was also paid out, but the Tron Foundation has decided not to provide further information about the matter.
White-hat hackers secured a total of $878,000 in bounty money last year. The Tron Foundation reportedly ranked third on the list of top bounty payers, having awarded $76,200 in 2018.
As reported by The Crypto Sight in January, Coinbase lost control of more than half of its network’s computing capacity, which allows the hacker to spend the same cryptocurrency again by rewriting the transaction history. The exchange did not actually lose anything and was luckier than Gate.io, which was later hacked for approximately $200,000.