Fireblocks discloses massive vulnerability affecting crypto wallets

cointelegraph.com:

Over 15 widely-used crypto wallet providers and projects have gaping vulnerabilities that could potentially see millions of crypto wallets drained, according to digital asset infrastructure firm Fireblocks.

In an Aug. 9 press release, Fireblocks said the series of vulnerabilities, dubbed BitForge, are affecting wallets using multi-party computation (MPC) technology, which allows for multiple parties to control and manage cryptocurrency holdings.

1/ The Fireblocks research team has uncovered BitForge, a set of vulnerabilities in some of the most widely adopted MPC protocols, that allow an attacker to retrieve a private key from a single device. Read on → https://t.co/xo2r9zgCvj pic.twitter.com/7q1nEeVBwO

The identified issues were disclosed as “zero day” vulnerabilities — meaning that the flaws had not previously been identified by the projects.

The firm disclosed that the BitForge vulnerabilities affected many of the top wallet providers, including Coinbase, Zengo and Binance. Following an industry-standard “90 day disclosure period” from Fireblocks, the three firms have since resolved the identified issues.

In a statement, Coinbase chief information security officer Jeff Lunglhofer thanked Fireblocks for identifying and responsibly disclosing the issue, adding that Coinbase customers and funds were never at risk. Zengo CTO Tal Be'ery noted that the issue was promptly fixed and no user funds were affected.

3/ We want to extend our gratitude to the researchers at Fireblocks for identifying this issue, conducting an ethical disclosure, and helping to improve the security of the ecosystem.

Fireblocks said it has worked to identify other firms that may be implicated in similar security concerns and have reached out to them.

MPC