Leading chipmakers have quietly acknowledged a fundamental, physical security failure in their industry-standard hardware enclaves, sparking an urgent debate across decentralized finance about whether cryptography alone is now the only viable path for building confidential systems.
In Brief
Trusted Execution Environments, technologies like Intel’s Software Guard Extensions and AMD’s SEV-SNP, were long positioned as the bedrock for confidential computing, promising an encrypted, secure vault within the processor itself. These enclaves were adopted by several major blockchain networks hoping to offer privacy features, allowing sensitive smart contract execution to happen without even the host operating system being able to peek inside.
The promise was compelling: high performance married to impenetrable security, suitable for permissionless environments where nodes run on untrusted hardware. That consensus shattered on October 1, 2025.
Two separate research teams published papers detailing severe vulnerabilities that allow a determined physical attacker to bypass these hardware protections using relatively low-cost external equipment. The core of the issue, experts noted, traced back to a fundamental design choice by the chip manufacturers: the use of deterministic encryption in memory protection.
For non-technical readers, this means the same secret information, when scrambled, always produces the identical scrambled output. This predictability is what allowed the attackers to exploit the system, as they could build a reference guide to unscramble the data they intercepted.
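The codebook effect described above can be reproduced in a small model. This is an added example, not code from the research papers or from either vendor: the Feistel cipher is a toy stand-in for the hardware memory cipher, and the per-write counter is an assumed alternative used only for contrast, as are the address and the values written.

```python
import hashlib
import hmac
import os

def _round(key, i, tweak, half):
    # Keyed round function (HMAC-SHA256 truncated to 8 bytes).
    return hmac.new(key, bytes([i]) + tweak + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, tweak, block):
    """Toy 4-round Feistel cipher on a 16-byte block (stand-in, not the real hardware cipher)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        mask = _round(key, i, tweak, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return left + right

def bus_trace(values, addr, key, fresh):
    """Ciphertexts visible on the memory bus for successive writes to one address."""
    trace = []
    for version, value in enumerate(values):
        tweak = addr.to_bytes(8, "big")
        if fresh:
            # Assumed alternative: a per-write counter is mixed into the tweak.
            tweak += version.to_bytes(8, "big")
        trace.append(encrypt_block(key, tweak, value.to_bytes(16, "big")))
    return trace

def recovered_fraction(fresh):
    """Fraction of secret writes an observer identifies using a ciphertext codebook."""
    key = os.urandom(32)                 # never leaves the CPU in this model
    known = list(range(256))             # constructed: values the observer knows were written
    secret = [0x2A, 0x07, 0xFF, 0x2A]    # constructed: later writes the observer wants to learn
    trace = bus_trace(known + secret, 0x1000, key, fresh)
    codebook = dict(zip(trace[:len(known)], known))
    guesses = [codebook.get(ct) for ct in trace[len(known):]]
    return sum(g == s for g, s in zip(guesses, secret)) / len(secret)

if __name__ == "__main__":
    print("deterministic:", recovered_fraction(fresh=False))
    print("with per-write counter:", recovered_fraction(fresh=True))
```

With address-only encryption the observer labels every later write without ever learning the key; once each write is encrypted under a fresh counter, the recorded codebook matches nothing.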
One of the attacks, dubbed Battering RAM, involved installing a custom hardware interposer, a physical device that sits between the CPU and the memory chips. This device, costing less than fifty dollars, actively manipulates memory signals.
For Intel SGX systems using a single encryption key for the whole protected memory range, this allowed the researchers to gain arbitrary read/write access to the plaintext data inside the enclaves. The danger here is profound: attackers could forge official attestation reports, the very mechanism meant to prove a node is trustworthy.
The other discovery, Wiretap, took a more passive approach, using a setup costing less than a thousand dollars to observe the memory traffic. By observing enough encrypted data, this team could exploit the predictable nature of the encryption to recover vital signing keys from just a single operation.
The researchers successfully demonstrated forging quotes that passed verification checks, even when the underlying system measurements were invalid.
The industry’s reliance on these technologies immediately came under scrutiny. The implication for decentralized networks is stark: if any node operator in a permissionless setup has physical access, they possess the means to compromise all encrypted data passing through their machine.
The response from the chipmakers themselves was noteworthy. Both Intel and AMD stated that these physical attacks fall outside the designed threat models for SGX and SEV-SNP.
Intel issued an advisory noting that the encryption used lacks the necessary integrity protections against these specific physical exploits. They recommended relying parties verify platform physical protections during attestation, shifting the burden of physical security onto the host provider.
This industry reality has accelerated calls for a complete pivot toward mathematical solutions, driven by experts who saw this event coming. Sergey Gorbunov, a cryptography expert and builder at Axelar, stated plainly that the attack on SGX “effectively marks the end of distributed confidential computing using TEEs.”
He emphasized that the chipmaker’s response confirmed this trajectory, concluding that “Pure cryptographic approaches, such as those based on Multi-Party Computation or Fully Homomorphic Encryption, remain the only acceptable choices for distributed ledgers” where physical access is possible.
Rand Hindi, CEO of ZAMA, echoed this sentiment regarding the severity and the required pivot: “A new major attack of TEE blockchains just got published, and it’s bad… There is no fix for this. The only ‘mitigation’ is to not allow untrusted people to run a node or force them to use a cloud provider.”
He advocates for moving to FHE, stating, “This isn’t FUD, TEEs are objectively not meant to be used when an attacker has access to it.” Even Wei Dai, Research Partner at 1kx, confirmed the attacks do not apply to newer Intel TDX platforms, but stressed the core risk: “If the physical host of the machine cannot be trusted… YES [you should be concerned].”
The path forward, as predicted by numerous sources, involves layered cryptography. For high-throughput systems, the future likely involves combinations like ZK-FHE.
While TEEs may persist as a secondary defense in managed cloud settings, the lesson for decentralized finance is clear: true trust must be rooted in mathematics, not in the physical integrity of a chip.
The revelations about hardware vulnerability shift the cryptographic challenge for decentralized systems. If the foundational silicon can be compromised, the entire ecosystem must look toward computation built entirely on mathematical proof.
This leaves the community to contemplate a crucial future question: How long until pure, verifiable cryptography overtakes performance as the absolute highest priority in network design?