Amber Group, a leading provider of digital wealth management and crypto native liquidity solutions, has announced that its NTFS3 fuzzing research has been accepted for presentation at Black Hat Asia 2023. The conference, held in Singapore from May 9th to 12th, is a premier event in the field of information security. Amber Group’s Partner and Head of Web3 Security Team, Dr. Chiachih Wu, and fellow security researcher Edward Lo, presented the research findings and introduced Papora, the first effective NTFS3 fuzzer developed by the team.
The blockchain ecosystem has been plagued by malicious hacks, resulting in significant financial losses. Although many of these attacks are related to smart contracts, it’s important to acknowledge the role of blockchain client software in achieving consensus and securing networks. According to statistics from ethernodes.org, over 95% of Ethereum mainnet nodes run Ethereum client software on Linux, underscoring the importance of the operating system in blockchain infrastructure.
To address this issue, Amber Group’s Web3 Security Team partnered with Peking University to investigate the causes and vulnerabilities in the Linux kernel. Using their self-developed Papora fuzzer, the team has identified twelve zero-day vulnerabilities in the NTFS3 file system, nine of which had already been released with Linux v6.2. This significant achievement has been recognized by the Workshop on Offensive Technologies 2023 (WOOT ’23), where the team has been invited to present their research paper in San Francisco on May 25th.
Dr. Wu emphasized the importance of collaboration between security researchers and practitioners in addressing the complex security challenges facing Web3. He believes that only by working together and leveraging collective expertise can Web3 and blockchain security be effectively enhanced to ensure resilience against potential threats.
Dr. Wu, known as a top security researcher in blockchain, mobile, and virtualization security, joined Amber Group in early 2021. He currently leads the company’s Web3 Security Team, which consists of skilled security engineers and researchers dedicated to identifying and analyzing vulnerabilities and attack methods to improve Web3 and blockchain security. The team has successfully identified or reproduced over 100 web3 exploits, including high-profile cases such as the $160M Wintermute hack and the $30M Spartan Protocol exploit. Additionally, they have achieved notable victories in Capture the Flag competitions, ranking 1st at War Room Games Taipei 2023, 3rd at NormanCTF, and 6th at ParadigmCTF 2022.
Amber Group is a leading crypto finance services provider, offering digital wealth management and crypto-native liquidity solutions. The firm provides a comprehensive range of digital asset services, including liquidity provisioning, trading, financing, and investing. It is backed by prominent investors such as Fenbushi Capital US, Sequoia, Temasek, Paradigm, Tiger Global, Dragonfly, Pantera, Coinbase Ventures, and Blockchain.com.