- SlowMist alone has discovered many common high-risk security vulnerabilities in the blockchain industry.
- The vulnerability was that the Omnicore node could not properly handle the “sync lock” problem when receiving a new block.
- The Omnicore team recently fixed a major security vulnerability.
SlowMist: Security Company
Xiamen SlowMist Technology Co., Ltd. is a blockchain security-focused company. It takes community-generated incentives as its core and value transfer as an auxiliary, an approach that comes from the blockchain and goes back to the blockchain, to build a closed loop between blockchain ecosystem threat intelligence and bug bounties.
SlowMist is a China-based company whose founding team has about ten years of front-line cybersecurity experience. The team specializes in the ecosystem security of the blockchain industry.
SlowMist has been the first and leading security company in China focused on the blockchain ecosystem since the firm was formed in 2018. It has served many well-known digital currency wallets, exchanges, smart contracts, and blockchains around the world.
SlowMist’s Latest Warning
SlowMist alone has discovered many common high-risk security vulnerabilities in the industry, and it recently warned users on Twitter to be cautious of multiple Omni USDT double-spend attacks.
SlowMist: Be Cautious of Multiple Omni $USDT Double-spend Attacks
Recently, the OmniCore team has fixed a major security vulnerability. As the node does not properly handle the “sync LOCK” problem when receiving a new block, an attacker can send a specially constructed block to
— SlowMist (@SlowMist_Team) March 6, 2020
The warning comes after the team behind Omnicore, “an enhanced bitcoin core that provides almost all the features of the bitcoin and advanced Omni layer features,” fixed a major security vulnerability.
Omnicore: Vulnerability
The vulnerability was that the Omnicore node could not properly handle the “sync lock” problem when receiving a new block. An attacker can exploit that by specially constructing a block that causes multiple transactions to be recorded in one transaction, which results in a wrong account balance in the ledger.
The SlowMist security team reminds users that, with this method, those running an old version of the node, such as 5.0, can easily be targeted, causing their account balance to be displayed incorrectly.
Double-spend attacks against nodes that have not been updated are a standard hacking method, and such attacks are very hard to spot.
To prevent this type of attack, the best approach is to stay up to date and upgrade the node to the latest version (0.8.0) in time.