In line with our commitment to continuous improvement and transparency, this article will address a vulnerability identified and resolved in July 2023. As we dive into the details, we want to assure everyone that there were no adverse effects on our services following the resolution. In addition, the non-custodial nature of our platform inherently safeguards our clients' assets, preventing total exposure to any platform vulnerabilities. On top of the internal review, we have engaged accredited external auditors to assess our system and organization controls, leading to the attainment of our SOC 2 Type 1 attestation. This attestation, aligning with AICPA standards, confirms the strength of our security, availability, and processing integrity controls.

The Scope

The vulnerability, associated with an open-source library called Tailon, was disclosed by one of our platform users from dWalletLabs. We immediately identified that 237 instances were in scope, of which 212 instances were deployed for our development and testing purposes, and 25 freshly deployed instances in the production environment. The instances identified in production constitute a fraction below 0.1% of the live nodes we have launched to date. We found that outside traffic, through a port 55555 opened for Tailon, could imitate viewer privileges and access a portion of the development and testing data. For example, the open-source blockchain binaries, snapshots of public blockchain data, and node logs on the instances.

While collaborating with the platform user to address the issues with port 55555, we also resolved vulnerabilities associated with other ports that had the potential to pose similar risks. Promptly responding to the situation, we blocked all external access to the affected ports and systematically removed Tailon from all instances identified and from the deployment code base. Following these measures, we rotated all credentials and keys within the platform. Postmortem investigation reveals no exploitation of this vulnerability within our systems.

Our Immediate Response

Following the discovery, our initial action swiftly removed Tailon from our system and disabled port 55555, which is crucial for eliminating immediate unauthorized access risks. Subsequently, we also resolved vulnerabilities associated with other ports that had the potential to pose similar risks. Further, we conducted a thorough data integrity check across all systems and nodes to ensure no compromise of sensitive information during the incident. As a precaution, we performed an extensive protocol assessment and upgrade, strengthening our infrastructure's defenses against future threats.

On top of addressing the issues directly, we conducted a thorough access control review and restricted system access to authorized personnel based on the need-to-know principles. Moreover, we invalidated and rotated all credentials on affected node instances to mitigate any potential exposure and secure our system against latent threats.

Beyond these measures, we craft security roadmaps, refine vulnerability reporting procedures, and enhance system controls, aiming not only to address immediate issues but also to integrate new best practices into our policies for the future.

Ongoing Initiatives and Preventive Measures

In response to the vulnerability and our initial containment measures, we have further strengthened our platform's security through ongoing initiatives and preventive measures. Key among these is the attainment of SOC 2 Type I attestation, a significant milestone that confirms our compliance with AICPA standards. This certification not only demonstrates our adherence to stringent security and availability controls but also enhances client trust and assures transparency in our operations​​​​.

Additionally, we launched the BlocGuardians Bug Bounty Program, inviting cybersecurity experts and enthusiasts to help identify and mitigate potential security weaknesses. This program is a testament to our proactive approach in maintaining a resilient and secure platform, especially in the dynamic and complex Web3 landscape. It underscores our commitment to leveraging community expertise for continuous improvement in our security practices, thereby safeguarding user data and assets against emerging threats​​.

Reaffirmation of Commitment

We remain steadfast in our commitment to providing secure, reliable blockchain services. This vulnerability, while a challenge, has reinforced our resilience and dedication to security. We warmly invite you to join our efforts of making the blockchain ecosystem safer and more robust, particularly through participating in the BlocGuardians Bug Bounty Program. This program is a cornerstone in our strategy to cultivate a secure, collaborative, and innovative environment.

Learn more and become an integral part of this initiative here.

Your trust is our highest priority, and we are relentlessly dedicated to enhancing our security measures to preserve and strengthen it.