Fire blocks Discloses Bitforge Vulnerabilities Affecting Dozens of Wallet Providers
Fireblocks, a digital assets security company, has disclosed vulnerabilities affecting several cryptocurrency wallets, collectively named
“Bitforge.” Through these vulnerabilities, criminals could steal millions in cryptocurrency without having direct contact with the owners of the wallet or its providers. While some providers have
already applied patches, others are
still vulnerable.
These vulnerabilities
attack the Multi-Party Computation (MPC) algorithms of several vendors.
Similarly,
the second vulnerability deals with Lindell17, a signing protocol. Fireblocks states this exploit
“originates from Lindell17 implementations deviating from the specification of the academic paper and ignoring or mishandling aborts in case of failed signatures.”
This vulnerability was discovered in the
Zengo wallet and later confirmed to work against
Coinbase Wallet as a
Service (WAAS), as in open-source protocol implementations.
Zengo and
Coinbase have already patched their wallets to deal with this exploit.
Due to the number of wallets potentially affected by this set of vulnerabilities,
Fireblocks has built a utility to allow wallet providers and users to check if their wallets can be exploited using these
vulnerabilities.