Bitcoin, Ethereum – cryptocurrencies are repeatedly the focus of cyberattacks. The growing investment in cryptocurrencies is rapidly increasing their economic value, making them an attractive and lucrative target. After all, digital money is nothing more than data records that can be manipulated – unless trustworthy protective measures are in place. Researchers at Ruhr University Bochum have now discovered a vulnerability that undermines trust in certain technologies.
In their paper “The Forking Way: When TEEs meet Consensus,” a team from the Chair of Information Security at the Bochum Faculty of Computer Science uncovered a critical security vulnerability in TEE-based blockchains. They investigated the effects of so-called forking attacks on a total of 29 systems. The paper was presented in February 2025 at the prestigious Network and Distributed System Security (NDSS) Symposium in San Diego, California.
Blockchain secures cryptocurrencies
The advent of blockchain technology paved the way for the remarkable success of cryptocurrencies – digital currencies that operate in a decentralized fashion, without reliance on central institutions, and leverage various mechanisms to ensure maximum security. "Blockchain enables multiple parties to agree on the validity and sequence of payments without relying on a trusted intermediary such as a bank. This promotes transparency and enhanced security," explains CASA PI and HGI speaker Ghassan Karame. However, blockchains require the exchange of all data among verifiers – a feature that can pose challenges in terms of data protection and privacy.
One solution to address this problem is the integration of specific trusted hardware: so-called Trusted Execution Environments (TEEs) act like digital safes, creating a secure environment for computations by keeping data confidential and preventing any deviations from the intended execution flow. When combined with blockchains, TEEs enable verifiers to process data without ever accessing it directly. In addition to protecting data, TEEs also guarantee execution integrity – meaning that the code is trusted to process data correctly, eliminating the need to verify every individual output.
Study on weaknesses in TEE-based blockchains
The research group – consisting of Annika Wilde, Tim Niklas Gruel, Claudio Soriente (NEC Laboratories Europe), and Ghassan Karame – criticizes the lack of consensus on combining blockchain and TEEs. The problem is that “working with TEEs and decentralized platforms demands specialized skills and knowledge that typical software developers may not possess,” warns Ghassan Karame. In a secure test environment and with the help of case studies, they investigated the impact of forking attacks on TEE-based blockchains used in practice.
In this context, "forking" refers to the creation of conflicting views of the (blockchain) state across different TEE instances. Such an attack undermines the trustworthiness of a TEE’s output. In TEE-based blockchains, this can lead to serious consequences – such as ignoring previously accepted payments or giving participants an unfair advantage in some application scenarios.
Based on their analysis, the researchers identified key vulnerabilities and successfully simulated such attacks on three systems: Phala, the Secret Network, and Ten.
“Responsible disclosure” with an impact
In accordance with the scientific code of cybersecurity – the principle of “Responsible Disclosure” – the entities concerned were not only made aware of the threat, but they were also offered effective countermeasures. One entity has already closed the security gap based on the proposed recommendations, while the other two are still working on a solution, guided by the research team.
Original publication
Annika Wilde, Tim Niklas Gruel, Claudio Soriente, Ghassan Karame: The Forking Way: When TEEs meet Consensus, NDSS 2025, USA
Press contact
Ghassan Karame, ghassan.karame(at)rub.de