
What the Foreshadow Flaw Means for the Future of Cryptocurrency

A new security flaw doesn't bode well for experimental cryptocurrency projects looking to use trusted hardware in the near future.

By Alyssa Hertig
Updated Sep 13, 2021, 8:17 a.m. Published Aug 16, 2018, 4:02 a.m.

UPDATE (16th August 19:11 BST): Updated to include an emailed statement from cryptocurrency startup Enigma.


Yet another dire security flaw was unveiled Tuesday with potential ripple effects across the tech world, including for cryptocurrency projects seeking to leverage certain hardware devices.

Following a pair of bugs unveiled earlier this year, the Foreshadow vulnerability impacts all of Intel's Software Guard Extensions (SGX) enclaves, special, supposedly extra-secure regions of the chip often used for storing sensitive data.

In short, while the enclave is supposed to be tamper-proof, a group of researchers found a way for an attacker to steal the information it stores.

For many, Meltdown and Spectre were spooky enough. The bugs impacted every single Intel chip, the hardware powering most of the world's computers. But since they weren't so easy to execute, there weren't many real-world attacks.

Foreshadow might not sound as bad because it impacts a more specific type of Intel hardware: SGX. However, since many cryptocurrency projects plan to use this technology, Foreshadow could have even worse ramifications for the cryptocurrency world.

Perhaps most notably, Signal creator Moxie Marlinspike is in the process of advising a new, allegedly greener coin called MobileCoin that puts SGX at the center, even raising $30 million to do so.

As a result, these projects will have to do some restructuring before launching for real.

"The findings released today absolutely have a broad impact on cryptocurrency projects," Cornell University security researcher Phil Daian told CoinDesk.

The good news, though, is that the researchers followed the security world's "responsible disclosure process" for revealing bugs, alerting Intel before showing it off so the tech giant could come up with a fix (which was deployed a few months ago).

But the security world is making a lot of noise because that still might not be enough.

"It is likely that, because many of these systems are slow to upgrade and because many of these fixes require either involved or hardware upgrades, infrastructure will remain vulnerable to this class of attack for a long time," Daian said, adding:

"It would be surprising if at some point this flavor of attack is not used to steal cryptocurrency."

The good and the bad

But there's both good and bad news.

For one, it appears as though none of the high-profile SGX projects in cryptocurrency are yet being used to secure real money. "To my knowledge, there is no SGX system in production or widespread use in the space today," Daian said.

The bad news is there are plenty of projects that want to use SGX, and maybe even have plans to do so soon. And the ideas are pretty cool.

MobileCoin is perhaps the most ambitious since the project's developers want to replace miners, a crucial part of securing any cryptocurrency, with these enclaves to build a more energy-efficient cryptocurrency.

But there are plenty of others that want to use SGX for its security and privacy gains.

Enigma is using it in a unique bid to boost privacy in smart contracts, while wallet hardware company Ledger went as far as to partner with the tech giant Intel to explore using SGX as a new avenue for storing private keys. And the list goes on and on.

Enigma argued, however, that the impact of the bug has been overblown.

"Like any software or hardware, the discovery and resolution of potential vulnerabilities is a normal and expected part of the development process. In this case, the vulnerability has already been addressed by Intel and does not in any way diminish the potential for SGX technology," Enigma CEO and co-founder Guy Zyskind said in a statement.

Zyskind added that Enigma is "proud" to be working with Intel and believes its work with SGX is crucial to cryptocurrency's future, as it is creating "robust privacy solutions that will finally allow decentralized applications to work and be adopted at scale."

These huge benefits are still not stopping some researchers from worrying about its impact, though.

"The SGX attack is devastating," Kings College London assistant professor Patrick McCorry told CoinDesk, adding that research groups have long been discussing how it can be deployed to add extra security to data.

"It can potentially undermine the integrity – and privacy – for any application that is reliant upon trusted hardware. A lot of companies in the cryptocurrency space rely on SGX to support multi-party protocols, but this attack allows any participant to cheat," he added.

"In my opinion, good SGX research and systems should assume hardware can always be broken at some cost, and should, as always, design defensively and include layered security," Daian said.

He went on to give some advice to companies that plan to launch soon.

"Projects planning to launch soon that rely on SGX should evaluate the vulnerabilities and any updates from Intel with caution for implications to the security of their systems, and should publish such investigations along with their code," he said.

The other bad news, though, is it's possible for hackers to find a new variant of the bug, similarly impacting all SGX chips.

"But as Foreshadow demonstrates, attacks only get better," McCorry remarked.

Sweet vindication

Meanwhile, the bug is leaving some developers feeling vindicated.

Because Intel has a backdoor into all SGX devices, it's long been a controversial tech avenue for cryptocurrency projects, with enthusiasts often arguing that using the technology puts too much power or trust in one company's hands.

Simply put, in their minds, the Foreshadow vulnerability is a good example of why not to put SGX at the cornerstone of a cryptocurrency project.

"Good thing we didn't adopt a certain professor's SGX-based bitcoin scaling solution!" tweeted pseudonymous bitcoin enthusiast Grubles.

"Though even *if* it had been somehow perfect, it was never a good idea to root the security of bitcoin in a chip vendor's secret sauce technology," Bitcoin Core maintainer Wladimir van der Laan responded.

But again, most projects using SGX haven't actually launched in production.

Some researchers went as far as to argue most cryptocurrency projects exploring SGX haven't actually used it on real money because Intel has such a bad reputation. The industry has been experimenting with the technology but is too cautious to actually go through with a launch.

Some security researchers advise continuing this trend and not using SGX.

But other researchers are more optimistic that SGX, or something like it, could one day play a big role in cryptocurrency, seeing Foreshadow as a positive sign that trusted hardware is being battle-tested.

"SGX will need to be repeatedly tested and broken by adversarial researchers until it can claim a strong degree of security, which will take years," Daian said, going on to add that he believes trusted hardware along the lines of SGX may one day play a big (and positive) role in cryptocurrency.

In short, it might just take some time, he argued, adding:

"Realizing such a technology certainly holds great promise for trust minimization and scalable privacy protection in cryptocurrency and beyond."

Alyssa Hertig

A contributing tech reporter at CoinDesk, Alyssa Hertig is a programmer and journalist specializing in Bitcoin and the Lightning Network. Over the years, her work has also appeared in VICE, Mic and Reason. She's currently writing a book exploring the ins and outs of Bitcoin governance. Alyssa owns some BTC.
