Fireblocks Uncovers Vulnerabilities Present in Major Wallet Providers
In Brief
Fireblocks has announced that it has uncovered the so-called “BitForge,” a series of zero-day vulnerabilities present in some of the most widely adopted secure multi-party computation (MPC) protocols.
Businesses should contact their providers and visit the BitForge Status Checker for additional information. As of the time of writing, Coinbase, Binance, and Zengo are secure. The other 12 companies are still at risk.
Enterprise crypto management platform Fireblocks has announced that it has uncovered the so-called “BitForge,” a series of zero-day vulnerabilities present in some of the most widely adopted secure multi-party computation (MPC) protocols.
Numerous organizations and retail consumers all over the world trust and rely on multi-party computation as the industry standard for wallet security. The Fireblocks research team has examined dozens of publicly accessible MPC protocols and wallet providers to promote MPC security.
According to the announcement published on X on August 9, the company’s researchers have uncovered vulnerabilities in over fifteen major wallet providers. These vulnerabilities allow attackers to retrieve a private key from a single device.
Among the vulnerable implementations of MPC protocols are GG-18, GG-20, and Lindell 17. The Lindell 17 vulnerability is a result of implementations processing failed signatures incorrectly and departing from the academic paper’s requirements. After around 200 signature requests, the vulnerability enables an attacker to steal the key by taking advantage of the wallet provider or user who completes the signing procedure. The GG-18 and GG-20 protocols were updated in 2020 to fix a vulnerability. However, these changes introduced a new vulnerability. The way a wallet provider implements these protocols determines how serious the vulnerability is. For instance, some implementations only need 16 signatures to retrieve the key, while others may need as many as one billion.
According to Fireblocks’ announcement, attacks can only last a few seconds in certain implementations without the user or vendor being aware of them.
Businesses should contact their providers and visit the BitForge Status Checker for additional information. As of the time of writing, Coinbase, Binance, and Zengo are secure. The other 12 companies are still at risk. Notably, the MPC-CMP and MPC-CMPGG protocols implemented by Fireblocks are unaffected, and the company’s clients’ funds remain secure.
Read more:
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Valeria is a reporter for Metaverse Post. She focuses on fundraises, AI, metaverse, digital fashion, NFTs, and everything web3-related. Valeria has a Master’s degree in Public Communications and is getting her second Major in International Business Management. She dedicates her free time to photography and fashion styling. At the age of 13, Valeria created her first fashion-focused blog, which developed her passion for journalism and style. She is based in northern Italy and often works remotely from different European cities. You can contact her at valerygoncharenko@mpost.io
More articles
Valeria is a reporter for Metaverse Post. She focuses on fundraises, AI, metaverse, digital fashion, NFTs, and everything web3-related. Valeria has a Master’s degree in Public Communications and is getting her second Major in International Business Management. She dedicates her free time to photography and fashion styling. At the age of 13, Valeria created her first fashion-focused blog, which developed her passion for journalism and style. She is based in northern Italy and often works remotely from different European cities. You can contact her at valerygoncharenko@mpost.io
