Fireblocks cryptography research team has unearthed BitForge, a cluster of zero-day vulnerabilities within the widely employed multi-party computation (MPC) protocols.
These vulnerabilities, impacting GG-18, GG-20, and Lindell17 protocols, have raised serious concerns as they pave the way for attackers to potentially steal funds from wallets and compromise users’ private keys.
Fireblocks is a cybersecurity company founded in 2018 that offers a secure platform for storing, transferring, and managing digital assets.
It uses a blend of hardware security modules, multi-party computation, and proprietary cryptography, to prioritize security while enabling efficient transactions.
The company’s technology allows multiple parties to initiate transactions without revealing complete keys, enhancing overall security.
In a bid to rectify the stated security breaches, Fireblocks said it employed a responsible disclosure approach.
This proactive step led to the swift action of several wallet providers, including major players like Binance, and fourteen others.
Changpeng Zhao (CZ), the CEO of Binance, acknowledged the issue’s presence in the TSS Library Binance had been open-sourced and subsequently fixed.
CZ expressed gratitude towards Fireblocks for unveiling the vulnerability and reassured the Binance community that no user funds had been compromised.
Fireblocks said that it has put its proprietary MPC protocols on a pedestal, unaffected by the BitForge vulnerabilities.
This immunity is attributed to the strategic employment of Zero Knowledge Proofs, ensuring a robust layer of security.
It added that the vulnerabilities in the armor of GG-18 and GG-20 protocols can be traced back to flawed implementations.
These protocols, considered industry standards for wallet security, have inadvertently introduced vulnerabilities that assailants could exploit.
Similarly, the Lindell17 protocol’s vulnerability was traced to deviations from its original blueprint, thereby leaving a backdoor susceptible to exploitation.
The BitForge revelation has prompted a call for greater collaboration among industry peers to fortify the cryptographic landscape.
