Crypto infrastructure company Fireblocks has identified a set of vulnerabilities known as "BitForge" that pose a threat to popular crypto wallets that use multi-party computation (MPC) technology.
These vulnerabilities were classified as "zero-day," meaning they were unknown to the developers of the affected software before Fireblocks disclosed them, the company said in a Wednesday press release.
Major companies such as Coinbase, ZenGo, and Binance have worked with Fireblocks to address the vulnerabilities and prevent potential exploits.
In the announcement, Fireblocks said the attackers could have used the vulnerabilities to drain funds from the wallets of "millions of retail and institutional customers in seconds, with no knowledge to the user or vendor."
Generally, to exploit these vulnerabilities, an attacker would need to compromise a wallet user's device or break into the internal systems of the wallet service or a third-party custodian with access to a piece of the encrypted private key.
The specific steps depended on the wallet being used.
Fireblocks has also identified other teams that might be impacted and has reached out to them through the industry-standard 90-day responsible disclosure process.
Fireblocks CEO Michael Shaulov said that although the vulnerabilities could have been exploited, the complexity of the attacks made it unlikely that they were discovered by malicious actors before Fireblocks disclosed them.
While the vulnerabilities may have been patched in major wallets, the incident raises concerns about the safety of supposedly ultra-safe multi-party computation (MPC) wallets.
MPC technology in crypto wallets was designed to eliminate single points of failure by splitting a user's private key across
Read more on cryptonews.com