The cryptocurrency community warns about the safety of networks using technology called Reliable Execution Environments (TEEs) after suspected detection of exploits or vulnerabilities that put nodes that rely on this solution at risk.
On October 1st, Yannik Schrade, CEO of Arcium, a company that develops encryption solutions, wrote about the attack on his X account and expressed his opinion on the use of tee.
The tee was completely compromised. In summary, new exploits make them completely exploitable. Many “privacy” projects in cryptocurrency use them. Tea does not provide privacy or security.
Yannik Schrade, CEO of Ark.
Tee is the execution environment They act as “safe boxes” In the computer processor. They allow you to run sensitive applications isolated from the operating system and protect data and processes that you don’t want to reveal.
Manufacturers such as Intel and AMD offer these solutions under brands such as Intel SGX, Intel TDX, AMD SEV-SNP, and are adopted by Cryptocurrency Projects. Enhance the privacy of your node or validator.
Schrade shared the photos. There, we point out what eee is (in the red box).
Some of the networks mentioned by Schrade include Phala Network, Secret Network, Super Protocol, and Oasis.
Also, according to the developers of Ethereum Ecosystem, known as Fede’s intern, «Tea is a disaster. Get them from them».
But while Schrade has denounced Tee’s vulnerability, he also promotes crypto-based alternatives sold by his company, promoting the possibility of conflicts of interest.
«What is the alternative? Encryption. Encryption has always been the only solution. More specifically, it’s encrypted calculations,” he says.
He then explains that his team works in a protocol that attempts to provide encryption calculations without a physically stored private key.
AMD spoke about vulnerabilities affecting TEE and confirmed that they have no plans to implement mitigation measures as the vulnerabilities detected are not within the scope of the threat model published for SEV-SNP. Intel’s statements go along the same line.
Cheap and impact on networks
The exploits described by Schrade allow physical access to the hardware. Completely destroy Intel SGX, Intel TDX, AMD SEV-SNP.
“Even amateur level attackers can extract the proof key and secrets of the enclave,” he said.
In distributed networks where nodes and validators manage their own hardware, Physical access is not always controlled. Schrade argues that this makes it impossible to guarantee privacy or integrity. “They provide a false promise of security,” he says.
I’m a cloud service provider They usually rule out physical attacks in threat models,Many deployments of production ignore the limitations and trust that hardware provides security against any kind of intrusion.
This leaves doors open to attackers with physical access to the machine, especially in distributed environments. Nodes are operated by third parties And there is no direct control over that infrastructure.
The severity of this exploit is increased For decentralization of nodes,The global distribution at various physical points multiplies possible attack points, making network defense more difficult to protect against local intrusions.
According to Schrade, intervention on a DRAM bus is sufficient to perform this type of exploit, extracting data from the enclave.
The DRAM bus is an internal channel that connects the system’s main memory (RAM) to the processor. Everything that is processed in the enclave will inevitably pass through that channel. Place the device or tool between both components You can capture or modify information in transit.
“Attacks cost literally about $10 and don’t require a lot of technical knowledge,” Schrade said.
Encryption for trusted hardware
Eli Ben-Sasson, CEO of Starkware (the company behind the second tier of Ethereum behind Starknet), also warned that tees should not be used in distributed network infrastructures.
Each tee contains a secret key inside. Extracting that key will lose all security. And since the key is physically there, there is an amount to extract, and the cost continues to decrease over time.
Eli Ben-Sasson, CEO de Starkware
He explained that each tee is held inside a secret key and physically exists. You can extract it by paying the fee.
Simply put, Ben-Sount says that the secret keys in the tee are out of hand. If someone has physical access to the hardware, they can develop or buy techniques to extract them.
That’s why he argues that in a distributed environment, tees cannot be trusted to protect important data.
On his side, the developer Landhindi explained:
This attack allows anyone with physical access to a tee node in the blockchain to access all the data encrypted there. The report includes four proof-of-concept tests in the main chain. Anyone who runs a validator or a full node can run this attack for just $1,000.
Land Hindi, cryptocurrency ecosystem developer.
Hindi emphasizes that there is no technical solution to this, Prevents unreliable people from manipulating nodesor force the use of a cloud supplier. “This means that a single malicious node compromises everything and you can’t have a validator and supplier running your own hardware.”
Finally, the developer I’ll send the problem to Intel:
The worst thing is that it wasn’t the Tee Protocol’s fault, but it was Intel’s fault for ruining its encryption implementation and ending it with deterministic memory encryption. And Intel doesn’t fix it as it’s out of reach of his threat model. So, stop taking shortcuts and start using actual encryption as FHE. It works, is fast and safe.
Land Hindi, cryptocurrency ecosystem developer.
This case reveals the dilemma between trusting closed hardware and applying open encryption.
Schrade’s statement, Ben Sasson and Hindi agree that for truly distributed infrastructure, security must be based on proven mathematics. It’s not a removable physical secret.
