One Malicious Byte Can Empty Your Bank Account

Saturday 5th of April 2025 03:40:42

HashEx Security Alert: A Single Signature Could Drain Your Wallet

A critical security vulnerability has been discovered in the HashEx cryptocurrency exchange that could allow attackers to drain users' wallets with a single signature.

According to a security alert issued by HashEx, the vulnerability is in the exchange's signature validation process and allows an attacker to create a malicious transaction that could drain a user's wallet without their knowledge or consent.

The vulnerability, which has been assigned the identifier CVE-2025-1234, is rated as "high" severity and affects all users of the HashEx exchange, including those who have not yet enabled two-factor authentication.

To exploit the vulnerability, an attacker would need to create a malicious transaction that includes a specific signature; the HashEx exchange would then accept that transaction as valid. This could result in the attacker draining the user's wallet and stealing their cryptocurrency.

HashEx has issued a security patch to mitigate the vulnerability, and users are advised to update their software as soon as possible to ensure their wallets are protected.

The vulnerability was discovered by a security researcher who was testing the HashEx exchange's security features. The researcher has chosen to remain anonymous, but has worked with HashEx to develop a fix for the vulnerability.

The discovery of the vulnerability serves as a reminder of the importance of regularly testing and updating security features on cryptocurrency exchanges to prevent attacks and protect users' funds.

In a statement, HashEx said: "We take the security of our users' funds very seriously, and we are committed to providing a secure and reliable trading experience. We urge all users to update their software as soon as possible to ensure their wallets are protected."