Fireblocks Uncovers Vulnerabilities Present in Major Wallet Providers
Share this article
In Brief
Fireblocks has announced that it has uncovered the so-called “BitForge,” a series of zero-day vulnerabilities present in some of the most widely adopted secure multi-party computation (MPC) protocols.
Businesses should contact their providers and visit the BitForge Status Checker for additional information. As of the time of writing, Coinbase, Binance, and Zengo are secure. The other 12 companies are still at risk.
Enterprise crypto management platform Fireblocks has announced that it has uncovered the so-called “BitForge,” a series of zero-day vulnerabilities present in some of the most widely adopted secure multi-party computation (MPC) protocols.
Numerous organizations and retail consumers all over the world trust and rely on multi-party computation as the industry standard for wallet security. The Fireblocks research team has examined dozens of publicly accessible MPC protocols and wallet providers to promote MPC security.
According to the announcement published on X on August 9, the company’s researchers have uncovered vulnerabilities in over fifteen major wallet providers. These vulnerabilities allow attackers to retrieve a private key from a single device.
Among the vulnerable implementations of MPC protocols are GG-18, GG-20, and Lindell 17. The Lindell 17 vulnerability is a result of implementations processing failed signatures incorrectly and departing from the academic paper’s requirements. After around 200 signature requests, the vulnerability enables an attacker to steal the key by taking advantage of the wallet provider or user who completes the signing procedure. The GG-18 and GG-20 protocols were updated in 2020 to fix a vulnerability. However, these changes introduced a new vulnerability. The way a wallet provider implements these protocols determines how serious the vulnerability is. For instance, some implementations only need 16 signatures to retrieve the key, while others may need as many as one billion.
According to Fireblocks’ announcement, attacks can only last a few seconds in certain implementations without the user or vendor being aware of them.
Businesses should contact their providers and visit the BitForge Status Checker for additional information. As of the time of writing, Coinbase, Binance, and Zengo are secure. The other 12 companies are still at risk. Notably, the MPC-CMP and MPC-CMPGG protocols implemented by Fireblocks are unaffected, and the company’s clients’ funds remain secure.
Read more:
Disclaimer
Any data, text, or other content on this page is provided as general market information and not as investment advice. Past performance is not necessarily an indicator of future results.
The Trust Project is a worldwide group of news organizations working to establish transparency standards.
Valeria is a reporter for Metaverse Post. She focuses on fundraises, AI, metaverse, digital fashion, NFTs, and everything web3-related.Valeria has a Master’s degree in Public Communications and is getting her second Major in International Business Management. She dedicates her free time to photography and fashion styling. At the age of 13, Valeria created her first fashion-focused blog, which developed her passion for journalism and style. She is based in northern Italy and often works remotely from different European cities.You can contact her at [email protected]
More articlesValeria is a reporter for Metaverse Post. She focuses on fundraises, AI, metaverse, digital fashion, NFTs, and everything web3-related.Valeria has a Master’s degree in Public Communications and is getting her second Major in International Business Management. She dedicates her free time to photography and fashion styling. At the age of 13, Valeria created her first fashion-focused blog, which developed her passion for journalism and style. She is based in northern Italy and often works remotely from different European cities.You can contact her at [email protected]
