Critical Crypto Wallet Vulnerability Exposed by Fireblocks, Urgent Security Concerns
More than 15 widely used cryptocurrency wallet providers and projects have been found to contain significant vulnerabilities that could have led to millions of cryptocurrency wallets being drained, according to Fireblocks, a company specializing in digital asset infrastructure.
In an announcement on August 9th, Fireblocks revealed that these vulnerabilities, collectively named BitForge, target wallets that employ multi-party computation (MPC) technology. This technology enables multiple entities to jointly manage and oversee cryptocurrency assets.
The vulnerabilities are "zero-day" flaws, meaning the projects in question had not previously discovered them.
Left unaddressed, they could allow attackers and malicious insiders to drain funds from the wallets of countless retail and institutional customers within seconds, without the users or providers being aware.
Fireblocks noted that these BitForge vulnerabilities had an impact on numerous leading wallet providers, including major names like Coinbase, Zengo, and Binance.
After a customary “90-day disclosure period” initiated by Fireblocks, the aforementioned three companies managed to rectify the vulnerabilities that had been identified.
Coinbase’s Chief Information Security Officer, Jeff Lunglhofer, thanked Fireblocks for uncovering and responsibly disclosing the issue. He said that Coinbase’s customers and their funds had never been at risk.
Zengo’s Chief Technology Officer, Tal Be’ery, also confirmed that the problem was promptly addressed without any impact on user funds.
Fireblocks has been actively identifying other entities potentially affected by similar security concerns and has communicated with them accordingly.
It is worth noting that MPC wallets function by encrypting a user’s private key and distributing it among multiple parties, usually encompassing the wallet owner, a wallet service provider, and another external party.
In theory, none of these parties should be capable of unlocking the wallet without first collaborating with the others. However, as detailed in Fireblocks’ technical reports on the BitForge vulnerabilities, these weaknesses would have enabled hackers to gain access to the complete private key by compromising a single device.
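The guarantee described above can be seen in a small secret-sharing sketch. This is an added illustration, not code from Fireblocks or any wallet vendor: it assumes a 2-of-3 Shamir split among the three parties the article names, and it reassembles the key only to check the math, whereas production MPC wallets typically sign jointly without ever rebuilding the key.

```python
import secrets

# Order of the secp256k1 group, the prime field that private keys live in.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split(secret, threshold, parties):
    """Shamir-split `secret`: one share per party, any `threshold` of them recover it."""
    coeffs = [secret % N] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    shares = {}
    for x, name in enumerate(parties, start=1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of the polynomial at x
            y = (y * x + c) % N
        shares[name] = (x, y)
    return shares

def interpolate_at(points, x0):
    """Lagrange-interpolate the polynomial through `points`, evaluated at x0 (mod N)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total

def recover(points):
    """The shared secret is the polynomial's value at x = 0."""
    return interpolate_at(points, 0)

def share_consistent_with(share, candidate_key, other_x):
    """For threshold 2: build the second share that would make `candidate_key`
    the secret. One always exists, so a lone share rules out no key at all."""
    return (other_x, interpolate_at([(0, candidate_key % N), share], other_x))

if __name__ == "__main__":
    key = secrets.randbelow(N)              # constructed sample key
    s = split(key, 2, ["owner", "provider", "third_party"])
    print("two parties recover key:", recover([s["owner"], s["provider"]]) == key)
    fake = share_consistent_with(s["owner"], 42, 2)
    print("owner's share also fits key=42:", recover([s["owner"], fake]) == 42)
```

A single compromised device holding one share learns nothing about the key under this model; the BitForge reports describe implementations where that property failed.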
While the prevalence of MPC technology across the digital asset sector is promising, Fireblocks’ Chief Technology Officer and co-founder, Pavel Berengoltz, emphasized that not all developers and teams working on MPC solutions possess equal levels of proficiency.
According to Cointelegraph, Berengoltz encouraged companies engaging with Web3 technology to collaborate closely with security experts who possess the necessary expertise and resources to proactively identify and mitigate vulnerabilities.