Following yesterday's disclosure by the SlowMist security team that the UTXO multi-signature mechanism can be used to launch fake recharge attacks against exchanges, Safeheron, a security partner in the SlowMist area, reported new threat intelligence: the well-known open-source middleware Blockbook (an open-source Trezor product) is also affected by this feature. Safeheron found that MultiSig transactions are not fully displayed in the results returned by Blockbook's transaction data interface. If an output is a MultiSig script, Blockbook selects the last address in the script for display, so the output cannot be distinguished from a transaction to an ordinary address.
If exchanges, wallet clients or other centralized services decide whether to credit a deposit based only on the results returned by Blockbook, they will misjudge the transaction and credit a false recharge.
Currently known tokens that may be affected by this multi-signature feature include BTC/LTC/DOGE/BCH/BSV/BHD/CPU/DFI/BTCV/BXC/ZCL. The SlowMist security team recommends that relevant operators investigate their exposure to this risk.
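One way to run the risk check described above is to classify each output's scriptPubKey from the raw transaction before crediting, instead of trusting the single address an indexer displays. The following is an added example, not code from Blockbook, Safeheron or SlowMist. The function names, the P2PKH/P2SH allow-list and the sample scripts are assumptions made for illustration, and the script hex is assumed to come from the raw transaction.

```python
# Added example (not Blockbook code): classify a scriptPubKey before crediting.
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY = 0x76, 0xA9, 0x87, 0x88
OP_CHECKSIG, OP_CHECKMULTISIG, OP_1, OP_16 = 0xAC, 0xAE, 0x51, 0x60

def parse_multisig(script: bytes):
    """Return (m, [pubkeys]) for a bare m-of-n multisig script, else None."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        return None
    if not (OP_1 <= script[0] <= OP_16 and OP_1 <= script[-2] <= OP_16):
        return None
    m, n = script[0] - 0x50, script[-2] - 0x50
    keys, i, end = [], 1, len(script) - 2  # end = index of the OP_n opcode
    while i < end:
        size = script[i]  # direct push: one length byte, then the key
        if size not in (33, 65) or i + 1 + size > end:
            return None
        keys.append(script[i + 1:i + 1 + size])
        i += 1 + size
    return (m, keys) if len(keys) == n and m <= n else None

def classify(script_hex: str) -> str:
    s = bytes.fromhex(script_hex)
    if (len(s) == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"
    if len(s) == 23 and s[:2] == bytes([OP_HASH160, 20]) and s[22] == OP_EQUAL:
        return "p2sh"
    if parse_multisig(s) is not None:
        return "bare_multisig"
    return "other"

def creditable(script_hex: str) -> bool:
    """Credit only script types that pay exactly one address."""
    return classify(script_hex) in ("p2pkh", "p2sh")

# Constructed sample scripts (placeholder hashes and keys, not real outputs).
SAMPLE_P2PKH = "76a914" + "11" * 20 + "88ac"
SAMPLE_MULTISIG = "51" + "21" + "02" + "aa" * 32 + "21" + "03" + "bb" * 32 + "52ae"

if __name__ == "__main__":
    for name, spk in (("p2pkh", SAMPLE_P2PKH), ("multisig", SAMPLE_MULTISIG)):
        print(name, classify(spk), "credit" if creditable(spk) else "hold for review")
```

A service that issues other deposit script types would extend the allow-list to exactly those types; anything unrecognised, including bare multisig, is held for review instead of being credited.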