Crypto infrastructure giant Fireblocks identifies security vulnerabilities in digital asset wallet providers
Fireblocks has publicly disclosed security vulnerabilities in the technology used by major digital asset wallet providers. If left unaddressed, attackers could exploit these vulnerabilities to steal from millions of customers.
The Bitforge Exploits:
- The vulnerabilities, collectively known as “Bitforge,” affect popular multi-party-computation (MPC) protocols including GG-18, GG-20, and Lindell17.
- The GG-18 and GG-20 vulnerabilities allow attackers to exfiltrate the full private key due to a missing zero-knowledge proof.
- The Lindell17 vulnerability is a result of wallet providers deviating from an academic paper, creating a backdoor for attackers to expose part of the private key.
- Coinbase WaaS, Zengo, and Binance are among the affected providers, but they have already patched the issues.
Coinbase and Binance Affected, But Funds Are Safe:
Fireblocks named Coinbase WaaS, Zengo, and Binance as impacted providers, but these companies have already addressed the vulnerabilities.
Coinbase’s Chief Information Security Officer stated that customer funds were never at risk, but that maintaining a fully trustless cryptographic model is crucial.
Binance’s CEO confirmed that the vulnerabilities have been patched and no user funds were affected.
Fireblocks CTO Highlights Industry Risks:
Fireblocks’ CTO emphasized that not all MPC developers and teams are equal, citing over $500 million stolen in wallet thefts and attacks in the first half of 2023.
Hot Take:
The disclosure of security vulnerabilities in digital asset wallet providers highlights the need for constant vigilance and proactive measures to protect customer funds in the crypto industry. While some major providers have promptly addressed the issues, the industry as a whole must prioritize security and industry-wide best practices to safeguard against future attacks.