https://feed.craftedsignal.io/tags/blockchain/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 09 Apr 2026 21:16:11 +0000https://feed.craftedsignal.io/briefs/2026-04-nimiq-timestamp-inflation/Thu, 09 Apr 2026 21:16:11 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-nimiq-timestamp-inflation/A vulnerability in nimiq-blockchain versions 1.3.0 and earlier allows malicious validators to manipulate block timestamps, leading to inflation of the monetary supply.Nimiq-blockchain, which provides persistent block storage for Nimiq’s Rust implementation, is susceptible to a critical vulnerability. In versions 1.3.0 and earlier, the block timestamp validation lacks an upper bound check against the wall clock. This flaw enables a malicious block-producing validator to set block timestamps to an arbitrarily distant future. The vulnerability directly impacts reward calculations within the blockchain, specifically through Policy::supply_at() and batch_delay() in blockchain/src/reward.rs. By manipulating these timestamps, attackers can inflate the monetary supply beyond the intended emission schedule. This poses a significant threat to the integrity and economic stability of the Nimiq blockchain.

Attack Chain

1. Attacker gains control of a block-producing validator node within the Nimiq blockchain network.
2. The attacker crafts a malicious block.
3. The malicious block is created with a timestamp set arbitrarily far into the future.
4. The vulnerable timestamp validation logic in Nimiq-blockchain (versions 1.3.0 and earlier) fails to detect the out-of-bounds timestamp due to the missing upper bound check.
5. The malicious block is accepted and added to the blockchain.
6. The inflated timestamp is used in reward calculations via Policy::supply_at() and batch_delay() functions in blockchain/src/reward.rs.
7. The attacker receives an unfairly large block reward due to the manipulated timestamp.
8. The total monetary supply of Nimiq is inflated beyond the intended emission schedule, devaluing existing holdings.

Impact

The successful exploitation of CVE-2026-40093 can lead to a significant inflation of the Nimiq cryptocurrency supply. While the precise number of affected users or specific financial losses is currently unknown, any validator capable of producing blocks could potentially exploit this vulnerability. If successful, this attack undermines the economic model of Nimiq, potentially causing a loss of confidence in the cryptocurrency and a devaluation of existing holdings.

Recommendation

• Upgrade to a patched version of nimiq-blockchain that includes a proper upper bound check on block timestamps to address CVE-2026-40093.
• Implement monitoring for sudden and unexpected increases in block rewards, focusing on inconsistencies with the expected emission schedule. This would require detailed knowledge of the blockchain’s reward algorithm.
• Review and harden the block validation logic within the Nimiq-blockchain implementation to prevent similar timestamp manipulation attacks in the future.

]]>highadvisoryblockchaintimestamp-manipulationinflationhttps://feed.craftedsignal.io/briefs/2024-01-bsv-ruby-sdk-vuln/Thu, 09 Apr 2026 18:17:03 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-bsv-ruby-sdk-vuln/BSV Ruby SDK versions before 0.8.2 improperly handle ARC responses, treating certain failure statuses as successful broadcasts, potentially tricking applications into trusting unaccepted transactions; version 0.8.2 resolves this vulnerability.The BSV Ruby SDK, a tool for interacting with the BSV blockchain, contains a vulnerability in versions prior to 0.8.2. Specifically, the BSV::Network::ARC component’s failure detection mechanism is flawed. It only recognizes REJECTED and DOUBLE_SPEND_ATTEMPTED ARC responses as failures. Responses with txStatus values like INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing string in extraInfo or txStatus are incorrectly treated as successful broadcasts. This can lead applications that rely on successful broadcast confirmations to trust transactions that were never actually accepted by the BSV network. The vulnerability is identified as CVE-2026-40069 and is patched in version 0.8.2 of the SDK. This affects any application using the vulnerable SDK to interact with the BSV blockchain where transaction confirmation is critical for subsequent actions.

Attack Chain

1. An attacker crafts a transaction designed to fail under specific conditions on the BSV network (e.g., invalid format, conflicts with existing transactions).
2. The attacker uses an application built with a vulnerable BSV Ruby SDK (versions < 0.8.2) to broadcast the malicious transaction.
3. The BSV network responds with an ARC response indicating a failure status, such as INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or a status containing ORPHAN.
4. The vulnerable BSV::Network::ARC component in the SDK incorrectly interprets the failure response as a successful broadcast due to inadequate error handling.
5. The application, relying on the SDK’s flawed confirmation, proceeds with actions dependent on the transaction’s supposed success.
6. These actions could include updating local state, triggering further transactions, or providing access to resources based on the false confirmation.
7. The attacker benefits from the application’s misinterpretation, potentially gaining unauthorized access or manipulating the application’s state.

Impact

Successful exploitation of CVE-2026-40069 allows attackers to deceive applications using vulnerable BSV Ruby SDK versions into believing that a transaction has been successfully broadcast to the BSV blockchain when it has not. This can lead to incorrect application state, unauthorized actions, or other security breaches depending on the application’s logic. While the exact number of affected applications isn’t specified, any application relying on transaction confirmation from the BSV Ruby SDK prior to version 0.8.2 is potentially vulnerable. This could impact financial applications, supply chain management systems, or any other application using the BSV blockchain for critical operations.

Recommendation

• Upgrade all instances of the BSV Ruby SDK to version 0.8.2 or later to remediate CVE-2026-40069.
• Implement additional transaction verification mechanisms independent of the BSV Ruby SDK in applications where transaction confirmation is critical.
• Deploy the Sigma rule “Detect BSV Ruby SDK ARC Response Errors” to identify potentially vulnerable applications based on network traffic patterns.

]]>highadvisorybsvrubyblockchainvulnerabilityhttps://feed.craftedsignal.io/briefs/2024-01-nimiq-block-quorum-bypass/Tue, 02 Jan 2024 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-nimiq-block-quorum-bypass/A vulnerability exists in Nimiq Block's SkipBlockProof verification process, allowing attackers to bypass quorum checks by manipulating MultiSignature signers with out-of-range indices, potentially compromising blockchain integrity, and affecting rust/nimiq-block versions 0.2.0 and earlier.A critical vulnerability has been identified in the Nimiq Block’s SkipBlockProof::verify function within the rust-albatross core. This vulnerability stems from the way the quorum check is performed. The vulnerability lies in the ability to craft MultiSignature.signers that contain out-of-range indices spaced by 65536, inflating the len() calculation but colliding onto the same in-range u16 slot during aggregation due to truncation. The vulnerability affects rust/nimiq-block versions <= 0.2.0. Successful exploitation allows a malicious validator with significantly fewer than the required 2f+1 signer slots to pass skip block proof verification. This bypasses the intended security mechanisms, potentially undermining the blockchain’s consensus and integrity.

Attack Chain

1. Attacker identifies a Nimiq Block instance running a vulnerable version (<= 0.2.0) of the rust/nimiq-block package.
2. The attacker crafts a malicious MultiSignature.signers payload.
3. The malicious payload contains out-of-range indices spaced by 65536. These indices are specifically designed to inflate the BitSet.len() calculation used in the quorum check.
4. During verification within SkipBlockProof::verify, the usize indices are cast to u16 (slot as u16) for slot lookup.
5. Due to the u16 truncation, the out-of-range indices collide onto the same in-range slot. This creates an artificial aggregation of signatures.
6. The attacker multiplies a single BLS signature by a factor to match the inflated len() value.
7. The manipulated SkipBlockProof passes the quorum check due to the inflated len() and signature aggregation.
8. The malicious skip block is accepted, potentially leading to consensus manipulation or other attacks on the blockchain.

Impact

Successful exploitation of this vulnerability allows a malicious validator to bypass the standard quorum requirements for skip block proof verification. This means that a single compromised validator or a small group of colluding validators can inject fraudulent blocks into the blockchain, potentially leading to double-spending, denial-of-service, or other attacks that compromise the integrity and availability of the Nimiq blockchain. Given the severity of these potential outcomes, this vulnerability poses a critical risk to any system relying on affected versions of Nimiq Block.

Recommendation

• Upgrade to rust/nimiq-block version 1.3.0 or later, which includes the fix for CVE-2026-33471.
• Monitor network traffic for anomalies related to skip block submissions, focusing on unusually large MultiSignature.signers payloads with indices spaced by multiples of 65536. Create a network monitoring rule.

]]>mediumadvisoryblockchainquorum bypassnimiqrust