SAFEHERON BLOG

Navigate Web3 Future with Research and Insights from Safeheron

Equip yourself with the expertise necessary to unlock the Web3 potential

Platform Updates

Asset Management Solutions for Bitcoin Layer 2s

Ensuring that assets are not maliciously stolen by external or internal threats presents a significant security and trust challenge for the Bitcoin Layer 2 ecosystem. Safeheron has outlined several common Bitcoin-based projects and provides corresponding asset management solutions...

Security & Research

Security Analysis of DKG Threshold Raising Vulnerability

Trail of Bits recently disclosed a threshold-raising vulnerability in Distributed Key Generation) protocol. Safeheron's SaaS product is not affected by this vulnerability. Let's see why it happens...

Security & Research

Security Analysis of BitForge Vulnerability in GG18/GG20 Protocol

BitForge vulnerability allows attackers to extract the full private key from a set of MPC key shards. Safeheron commercial version incorporated zero-knowledge proofs, hence it is not affected...

Security & Research

Large Integer Factorization Algorithm and Its Practice

In 1977, RSA (Rivest–Shamir–Adleman), a cryptosystem based on factorizing large integers was born. Until today, the integer factorization problem remains one of the most crucial subjects in…

Security & Research

Enhancing Security on MPC Wallet-dYdX Connections

Safeheron recently disclosed potential Signature-derived Key Risk when MPC wallets interacting with specific dApps, like dYdX. What security issues are concerned? And how we can mitigate its impact…

Security & Research

A Deep Dive of HOW Profanity Caused Wintermute to Lose $160M

Wintermute suffered a $162.2 million loss due to a brute-force key exploit. And, hackers also utilized the same vulnerability to steal 3.3 million the other day. Profanity appears to be a crucial factor here…

Security & Research

Ed25519 Use Risks: Your Wallet Private Key Can Be Stolen

Due to inconsideration and misuse of Ed25519, the attackers may extract the private key with two different signatures for the same message. Let's dive deep into the technical side...