Fireblocks Uncovers Critical Vulnerabilities in Major Wallets
Fireblocks' research team shared the discovery of critical vulnerabilities in dozens of major web3 wallet providers yesterday.
The Deets
- Zero-Day Vulnerabilities Discovered: The flaws were found in implementations of MPC protocols including GG-18, GG-20, and Lindell 17.
- Impact: Vulnerabilities would enable attackers to instantly drain funds from many wallets without the knowledge of users or vendors.
- Affected Wallet Providers: Prominent wallets like Coinbase WaaS, Zengo, and Binance were impacted.
- Remediation: Coinbase WaaS and Zengo have addressed and resolved the identified issues post-disclosure.
The Bulk
In a monumental revelation, the Fireblocks Cryptography Research Team has laid bare the existence of multiple zero-day vulnerabilities in some of the most prevalent cryptographic multi-party computation (MPC) protocols. If these vulnerabilities had not been identified and resolved, they would have opened up the potential for malicious actors to siphon off funds from wallets, unbeknownst to the wallet users or providers.
Dubbed "BitForge," this series of vulnerabilities has had a significant impact on well-known wallet providers including Coinbase WaaS, Zengo, and Binance. After adhering to the 90-day responsible disclosure norm, Coinbase WaaS and Zengo have managed to rectify the issues, ensuring the safety of their user base.
These findings were presented during the Black Hat USA conference and are slated for sharing at Defcon. Pavel Berengoltz, Co-founder & Chief Technology Officer at Fireblocks, underscored the imperative nature of robust security measures, especially given the surge in decentralized finance and Web3.
While praising the responsible actions of Coinbase WaaS and Zengo in resolving the vulnerabilities, Pavel mentioned that companies should be proactive and diligent in updating their core infrastructure technologies, especially since thefts and cyberattacks in the first half of 2023 alone amounted to nearly $500 million.
❗Why It Matters
The identification and mitigation of these vulnerabilities is pivotal. As the digital asset industry grows, ensuring the security of wallets and key management providers becomes paramount, dictating the overall health and trust in the ecosystem.
🎤 Founder Feedback
Maintaining a fully trustless cryptographic model is crucial for broader technology adoption. A high industry safety standard is imperative.
Jeff Lunglhofer, Chief Information Security Officer at Coinbase
🔜 What's Next?
Fireblocks rolled out the BitForge Status Checker to aid projects in determining potential exposure to affected MPC implementations.
For more web3 and NFT news, visit the Lucky Trader newsfeed.