Business News Report Technology
August 10, 2023

Fireblocks Uncovers Vulnerabilities Present in Major Wallet Providers

In Brief

Fireblocks has announced that it has uncovered the so-called “BitForge,” a series of zero-day vulnerabilities present in some of the most widely adopted secure multi-party computation (MPC) protocols.

Businesses should contact their providers and visit the BitForge Status Checker for additional information. As of the time of writing, Coinbase, Binance, and Zengo are secure. The other 12 companies are still at risk.

Enterprise crypto management platform Fireblocks has announced that it has uncovered the so-called “BitForge,” a series of zero-day vulnerabilities present in some of the most widely adopted secure multi-party computation (MPC) protocols.

Fireblocks Uncovers Vulnerabilities Present in Major Wallet Providers

Numerous organizations and retail consumers all over the world trust and rely on multi-party computation as the industry standard for wallet security. The Fireblocks research team has examined dozens of publicly accessible MPC protocols and wallet providers to promote MPC security.

According to the announcement published on X on August 9, the company’s researchers have uncovered vulnerabilities in over fifteen major wallet providers. These vulnerabilities allow attackers to retrieve a private key from a single device. 

Among the vulnerable implementations of MPC protocols are GG-18, GG-20, and Lindell 17. The Lindell 17 vulnerability is a result of implementations processing failed signatures incorrectly and departing from the academic paper’s requirements. After around 200 signature requests, the vulnerability enables an attacker to steal the key by taking advantage of the wallet provider or user who completes the signing procedure. The GG-18 and GG-20 protocols were updated in 2020 to fix a vulnerability. However, these changes introduced a new vulnerability. The way a wallet provider implements these protocols determines how serious the vulnerability is. For instance, some implementations only need 16 signatures to retrieve the key, while others may need as many as one billion.

According to Fireblocks’ announcement, attacks can only last a few seconds in certain implementations without the user or vendor being aware of them.

Businesses should contact their providers and visit the BitForge Status Checker for additional information. As of the time of writing, Coinbase, Binance, and Zengo are secure. The other 12 companies are still at risk. Notably, the MPC-CMP and MPC-CMPGG protocols implemented by Fireblocks are unaffected, and the company’s clients’ funds remain secure. 

Read more:

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Valeria is a reporter for Metaverse Post. She focuses on fundraises, AI, metaverse, digital fashion, NFTs, and everything web3-related. Valeria has a Master’s degree in Public Communications and is getting her second Major in International Business Management. She dedicates her free time to photography and fashion styling. At the age of 13, Valeria created her first fashion-focused blog, which developed her passion for journalism and style. She is based in northern Italy and often works remotely from different European cities. You can contact her at [email protected]

More articles
Valeria Goncharenko
Valeria Goncharenko

Valeria is a reporter for Metaverse Post. She focuses on fundraises, AI, metaverse, digital fashion, NFTs, and everything web3-related. Valeria has a Master’s degree in Public Communications and is getting her second Major in International Business Management. She dedicates her free time to photography and fashion styling. At the age of 13, Valeria created her first fashion-focused blog, which developed her passion for journalism and style. She is based in northern Italy and often works remotely from different European cities. You can contact her at [email protected]

The Calm Before The Solana Storm: What Charts, Whales, And On-Chain Signals Are Saying Now

Solana has demonstrated strong performance, driven by increasing adoption, institutional interest, and key partnerships, while facing potential ...

Know More

Crypto In April 2025: Key Trends, Shifts, And What Comes Next

In April 2025, the crypto space focused on strengthening core infrastructure, with Ethereum preparing for the Pectra ...

Know More
Read More
Read more
Monad Launches Validator-Focused Testnet-2, Unveils Requirements And Selection Criteria
News Report Technology
Monad Launches Validator-Focused Testnet-2, Unveils Requirements And Selection Criteria
May 9, 2025
ArbitrumDAO Selects Franklin Templeton, Spiko, And WisdomTree For STEP 2 To Expand On-Chain Adoption Of Real-World Assets
News Report Technology
ArbitrumDAO Selects Franklin Templeton, Spiko, And WisdomTree For STEP 2 To Expand On-Chain Adoption Of Real-World Assets
May 9, 2025
Cronos EVM Deploys Stargate ETH And USDC Pools Following Integration With LayerZero Protocol
News Report Technology
Cronos EVM Deploys Stargate ETH And USDC Pools Following Integration With LayerZero Protocol
May 8, 2025
Space And Time Goes Live On Mainnet To Support Next Generation Of Data-Driven Crypto Apps
News Report Technology
Space And Time Goes Live On Mainnet To Support Next Generation Of Data-Driven Crypto Apps
May 8, 2025