Crypto Wallet Vulnerabilities Discovered by Fireblocks
Crypto infrastructure company Fireblocks has identified a set of vulnerabilities known as “BitForge” that pose a threat to popular crypto wallets that use multi-party computation (MPC) technology. These vulnerabilities were classified as “zero-day,” meaning they were unknown to the developers of the affected software before Fireblocks disclosed them.
Main Breakdowns:
- Fireblocks has identified vulnerabilities in crypto wallets using MPC technology
- Attacks could have resulted in the theft of funds from millions of retail and institutional customers
- Major companies have worked with Fireblocks to address the vulnerabilities
- The complexity of the attacks makes it unlikely they were discovered by malicious actors before disclosure
- The incident raises concerns about the safety of MPC wallets
Concerns about the Security of MPC Wallets
The vulnerabilities discovered by Fireblocks raise concerns about the safety of supposedly ultra-safe multi-party computation (MPC) wallets. MPC technology was designed to eliminate single points of failure by splitting a user’s private key across multiple parties. However, the BitForge vulnerabilities would have allowed a hacker to extract the full private key if they compromised just one device, undermining the multi-party aspect of MPC.
Response from Coinbase and Binance
Coinbase stated that its user-facing wallet service, Coinbase Wallet, was not affected, but its Wallet-as-a-Service (WaaS) offering was technically vulnerable before the company implemented a fix. Binance CEO Changpeng Zhao revealed that the issue was present in the TSS Library Binance open-sourced, but it has been fixed.
Hot Take
The discovery of vulnerabilities in MPC wallets highlights the ongoing need for strong security measures in the crypto industry. It is crucial for companies to remain vigilant and address any potential vulnerabilities promptly to protect customer funds and maintain trust in the system.
By
By
By
By
By
By