Bitforge Vulnerabilities Disclosed
Fireblocks, a cryptocurrency assets security and consulting company, has publicly disclosed Bitforge, a set of wallet vulnerabilities potentially affecting millions of customers. The vulnerabilities target the Multi-Party Computation (MPC) protocols used by several vendors.
- The first vulnerability is related to the GG18 and GG20 protocols, allowing criminals to exfiltrate the private key and take control of the cryptocurrency in the attacked wallet.
- The second vulnerability deals with Lindell17, a signing protocol, and was discovered in the Zengo wallet and later confirmed to work against Coinbase Wallet as a Service (WAAS).
Jeff Lunglhofer, Chief Information Security Officer at Coinbase, thanked Fireblocks for the timely disclosure, stating that Coinbase customers and funds were never at risk.
Vulnerability Checker
Fireblocks has built a utility to allow wallet providers and users to check if their wallets can be exploited using these vulnerabilities. Currently, only Coinbase and Zengo are listed as secure against the Lindell17 exploit. Fireblocks explained that not all wallet providers are shown publicly to avoid harming their credibility.
Hot Take: Fireblocks' disclosure of the Bitforge vulnerabilities highlights the importance of robust security measures in the cryptocurrency industry. It also emphasizes the need for collaboration among industry players to strengthen security and protect user funds.