Missing from the article - the hacker first compromised Resolv Lab's AWS account, took a private key from KMS that was used to control minting, then managed to extract $25 million into ETH before all protocol functions were suspended.
^ this is a common security misconception in crypto. "We're using an HSM, they can't steal our private key." OK genius now you still have to secure the HSM.
There's no shortcut to MPC/multisig with 3+ keyholders.
> There's no shortcut to MPC/multisig with 3+ keyholders.
The whole concept of a stablecoin seems to be based on centralised trust.
Ultimately there is some org that has the fiat bank account, that mints and redeems the coins.
> The attacker compromised Resolv’s cloud infrastructure to gain access to Resolv’s AWS Key Management Service (KMS) environment where the protocol’s privileged signing key was stored.
Ok, but how was the AWS infrastructure compromised? This appears to be the crux of the entire article.
AWS is very hard to break if you are using the IAM roles properly and avoiding manual secret management. If the only thing that can even sign a JWT is a very specific blessed EC2 instance that has exclusive access to KMS, your attack surface is nearly zero by comparison to a similar setup where administrators use email or Discord to communicate API credentials.
The protocol around using an HSM is just as important as the machine itself. It seems like some of us are going to be speed running PCI-DSS the hard way.
They also had a smart contract which didn't do some proper checks, but the hack was only possible with the stolen private key. Whoever held the private key was able to mint a lot of money, unchecked.
So there was a traditional hack at the core of this heist, not just a smart contract exploit.
You shouldn't have a key that controls millions/billions of dollars on a cloud service. It should be on an airgapped laptop that was purchased anonymously, has never been connected to the Internet, and only runs software that has been vetted and loaded onto it via a CD-ROM or some other comparable method.
What is the point of stable coins? Like why does anyone buy them?
It seems to me that their initial value is 1usd per token (or some other fiat I guess) and that's also the roof of their value: they kinda guarantee that they won't become more valuable than that.
They are less usable than fiat: more businesses accept fiat than crypto, especially weird and small coins like all stable coins are.
There isn't really a floor to their value, as demonstrated here.
I see plenty of downsides of owning one of these coins, but not a single upside?
Yet people apparently do buy them, so what is the upside? There must surely be something that's good about them?
Has to be an inside job. One doesn’t just simultaneously hack into an AWS account, know exactly which key is needed for coin minting, and know internal details necessary to exploit a smart contract. The nature of the hack practically reveals their identity.
163 comments
> took a private key from KMS
They used KMS to sign the minting operation, but they didn't "take" the key, AWS KMS doesn't let you extract keys.
There's no shortcut to MPC/multisig with 3+ keyholders.
> you still have to secure the HSM
Obviously.
> There's no shortcut to MPC/multisig with 3+ keyholders.
The whole concept of a stablecoin seems to be based on centralised trust. Ultimately there is some org that has the fiat bank account, that mints and redeems the coins.
A step by step breakdown of the attack Step 1. Gaining Access to Resolv’s AWS KMS Environment
> The attacker compromised Resolv’s cloud infrastructure to gain access to Resolv’s AWS Key Management Service (KMS) environment where the protocol’s privileged signing key was stored.
Ok, but how was the AWS infrastructure compromised? This appears to be the crux of the entire article.
AWS is very hard to break if you are using the IAM roles properly and avoiding manual secret management. If the only thing that can even sign a JWT is a very specific blessed EC2 instance that has exclusive access to KMS, your attack surface is nearly zero by comparison to a similar setup where administrators use email or Discord to communicate API credentials.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-role...
The protocol around using an HSM is just as important as the machine itself. It seems like some of us are going to be speed running PCI-DSS the hard way.
They also had a smart contract which didn't do some proper checks, but the hack was only possible with the stolen private key. Whoever held the private key was able to mint a lot of money, unchecked.
So there was a traditional hack at the core of this heist, not just a smart contract exploit.
>"However, the hacker was only able to siphon off $25 million; the rest was locked into the protocol after system admins got alerted."
"Only" ?!!! Poor thing.
It seems to me that their initial value is 1usd per token (or some other fiat I guess) and that's also the roof of their value: they kinda guarantee that they won't become more valuable than that.
They are less usable than fiat: more businesses accept fiat than crypto, especially weird and small coins like all stable coins are.
There isn't really a floor to their value, as demonstrated here.
I see plenty of downsides of owning one of these coins, but not a single upside?
Yet people apparently do buy them, so what is the upside? There must surely be something that's good about them?
> Trump Administration Likely to Un-ban Bitcoin Mixers, Dept. of Treasury Says They are “Not Unlawful”
https://bfmtimes.com/trump-likely-to-un-ban-bitcoin-mixers/