Cointime

CertiK reveals critical vulnerability in mobile device Trusted Execution Environment (TEE)

CertiK tested devices equipped with dedicated TEE-based wallets and found a major vulnerability in the trusted execution environment (TEE) of mobile devices. The TEE has always been considered the ultimate defense for device security: when a wallet is set up in "secure mode" on the device, users must enter a PIN code to access the TEE wallet. However, CertiK's test results show that attackers can easily extract the PIN code stored in the TEE, then access the wallet and obtain the private key, successfully stealing assets. The manufacturer of the test device quickly contacted CertiK and fixed the problem with the TEE seed library in the latest version. CertiK emphasized that Web3 users must remain highly vigilant and guard against implementation flaws in security measures. When necessary, they should seek professional third-party security audits and technologies to protect their assets.
