Amber Group, a leading provider of digital wealth management and crypto native liquidity solutions, is proud to announce that its groundbreaking NTFS3 fuzzing research has been accepted for presentation at Black Hat Asia 2023, a premier conference on information security held in Singapore from May 9th to 12th.
Amber Group’s Partner and Head of Web3 Security Team, Dr. Chiachih Wu, and fellow security researcher Edward Lo, jointly presented the research findings and Papora, the first effective NTFS3 fuzzer developed by the team.
The blockchain ecosystem has been subject to numerous malicious hacks over the years, resulting in staggering financial losses.
While many of these attacks were related to smart contracts, it’s important to note that blockchain client software plays a critical role in achieving consensus and safeguarding networks. Statistics from ethernodes.org reveal that over 95% of Ethereum mainnet nodes run Ethereum client software on Linux, highlighting the operating system as a crucial component of blockchain infrastructure.
To address this issue, Amber Group’s Web3 Security Team partnered with Peking University for joint research to investigate the underlying causes and types of vulnerabilities in the Linux kernel. Using their self-developed Papora fuzzer, the team identified twelve zero-day vulnerabilities in the NTFS3 file system; nine of which had already been released with Linux v6.2, and three were accepted by the subsystem maintainer.
This significant achievement was additionally recognized by the distinguished Workshop on Offensive Technologies 2023 (WOOT ’23), receiving an invitation for the team to present their research paper at the 17th IEEE WOOT in San Francisco on 25 May.
“The recognition we’ve received from Black Hat Asia and WOOT is a testament to our team’s dedication and commitment to enhancing security measures,” says Dr. Wu.
“Amidst the persistent threat of hacking challenges in Web3, collaboration between security researchers and practitioners has become increasingly essential. Only by working together and leveraging our collective expertise can we effectively address the complex security challenges facing Web3 and ensure its resilience against potential threats.”
Dr. Wu, a top security researcher in blockchain, mobile, and virtualization security and co founder of PeckShield, joined Amber Group in early 2021.
He currently leads the company’s Web3 Security Team, a group of skilled security engineers and researchers committed to identifying, analyzing, and exposing vulnerabilities and attack methods to improve Web3 and blockchain security.
The team has identified or reproduced over 100 web3 exploits, including high-profile cases such as the $160M Wintermute hack and the $30M Spartan Protocol exploit. In addition to their impressive research, they’ve achieved notable victories in Capture the Flag competitions, ranking 1st at War Room Games Taipei 2023, 3rd at NormanCTF, and 6th at ParadigmCTF 2022.
[Editor’s Note: This article does not represent financial advice. Please do your own research before investing.]
Featured Image Credit: Amber Group