Fireblocks Discloses Vulnerabilities Impacting 15 Major Crypto Wallet Providers

Fireblocks, a crypto infrastructure firm, recently posted about the findings of their researchers regarding a “BitForge,” a set of zero-day vulnerabilities observed in multi-party computation (MPC) technology providers. The vulnerabilities enabled an attacker to theoretically access private keys, potentially allowing users to experience a theft of cryptocurrency. It was observed that the most widely-used and accepted protocols, GG-18 and GG-20 had a missing zero-knowledge proof, while the Lindell 17 protocol had a backdoor due to divergence from specifications

The zero-day attack, previously undiscovered, forced many popular digital asset wallet providers, blockchains and other such projects to quickly handle the vulnerability before any loss was recorded, and are said to have successfully mended any faults. Some of vendors known to have been affected by the disclosure include Coinbase, ZenGo, and Binance, who met with the researchers in order to comprehend the vulnerability and permit advantageous security initiatives. Coinbase has stated that their consumer product was safe against the attack.

“This is precisely what proactive safety and security collaboration resembles. The issue was addressed quite quickly and fortunately, no locations were impacted.” explained Tal Be’ery, the chief technology officer at ZenGo.

Robert Wilson author
Articles: 12195