CryptoPotato
CryptoPotato
  • Crypto News
  • Margin Trading
  • Guides
    • Bitcoin & Crypto Guides 101
    • Bitcoin For Beginners
    • Editorials
  • DeFi & NFT
  • Buy
  • Language
  • Crypto News
  • Bitcoin For Beginners
  • Cryptocurrency Guides 101
  • Editorials
  • Bitcoin & Crypto Margin Trading
  • DeFi & NFT News
  • Bitcoin Price Analysis
  • CryptoPotato Crypto Fund
  • Ethereum (ETH) Price Analysis
  • Ripple (XRP) Price Analysis
  • Market Updates
  • Interviews
  • Buy Bitcoin with Card
  • bitcoin
    BTC$29,395.00
  • ethereum
    ETH$1,846.96
    • Market Updates
    • BTC Analysis
    • ETH Analysis
    • XRP Analysis
    • Interviews
    • Opinions
    CryptoPotato
    CryptoPotato
    • Crypto News
    • Margin Trading
    • Guides
      • Bitcoin & Crypto Guides 101
      • Bitcoin For Beginners
      • Editorials
    • DeFi & NFT
    • Buy
    • Language
    • Crypto News
    • Bitcoin For Beginners
    • Cryptocurrency Guides 101
    • Editorials
    • Bitcoin & Crypto Margin Trading
    • DeFi & NFT News
    • Bitcoin Price Analysis
    • CryptoPotato Crypto Fund
    • Ethereum (ETH) Price Analysis
    • Ripple (XRP) Price Analysis
    • Market Updates
    • Interviews
    • Buy Bitcoin with Card
    Home » Crypto News » Major Crypto Wallets Found Vulnerable To Key Extraction, Fireblocks Warns

    Major Crypto Wallets Found Vulnerable To Key Extraction, Fireblocks Warns

    Author: Andrew Throuvalas

    Last Updated Aug 10, 2023 @ 17:06

    Coinbase and Binance’s wallets were prone to the vulnerability, but both have already been patched.

    Crypto infrastructure giant Fireblocks has publicly revealed security vulnerabilities in the technology used by over a dozen major digital asset wallet providers.

    If unaddressed, the company warned that attackers could exploit the bugs to steal from millions of customers.

    The Bitforge Exploits

    The set of vulnerabilities – collectively referred to as “Bitforge” – apply to popular multi-party-computation (MPC) protocols, including GG-18 , GG-20, and Lindell17. These protocols allow cryptocurrency to be controlled and managed by multiple individuals and groups.

    “The BitForge vulnerabilities, if left unremedied, would enable attackers to exploit a newly discovered flaw in the GG18 and GG20 protocols by exfiltrating the full private key due to a missing zero-knowledge proof,” wrote Fireblocks in a statement on Wednesday.

    The company stated that all vendors using the protocols “should be considered vulnerable.”

    The Lindell17 vulnerability, it wrote, was due to wallet providers deviating from the academic paper, “creating a backdoor for attackers to expose part of the private key when signing fails.” The exploits have already been validated on major open-source implementations.

    ADVERTISEMENT

    Coinbase and Binance Affected, But Funds Are Safe

    In an accompanying press release, Fireblocks named popular providers including Coinbase WaaS, Zengo, and Binance as having been impacted by the vulnerabilities.

    However, having been privately notified by the firm beforehand, Fireblocks said the prior three firms have already patched the issues, and the relevant academic papers have been appropriately revised.

    “While Coinbase customers and funds were never at risk, maintaining a fully trustless cryptographic model is an important aspect of any MPC implementation,” said Jeff Lunglhofer, Chief Information Security Officer at Coinbase, regarding the patch.

    Binance CEO Changpeng Zhao also clarified on Thursday that the exchange has patched the vulnerability and that no user funds had been affected.

    https://twitter.com/cz_binance/status/1689556596332867584

    In a statement, Fireblocks CTO Pavel Berengoltz wrote:

    “While we are encouraged to see that MPC is now ubiquitous within the digital asset industry, it is evident from our findings — and our subsequent disclosure process — that not all MPC developers and teams are created equal.”

    The CTO noted that over $500 million were stolen in wallet thefts and attacks over the first half of 2023.

    SPECIAL OFFER (Sponsored)
    Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

    PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.

    You Might Also Like:

    • Hacking
      Atomic Wallet Hackers Take Advantage of THORChain to Hide $35M
    • hacking
      Millions of XRP Stolen in Atomic Wallet Hack Leaking to Exchanges (Analysis)
    • Money_Laundering
      Atomic Wallet Hacker Funnels Stolen Crypto to North Korea-Tied Coin Mixer: Elliptic
    Tags: Hacking
    Enjoy reading? Share with your friends
    Facebook Twitter LinkedIn Telegram

    About The Author

    Andrew Throuvalas
    More posts by this author

    Andrew is a content writer with a passion for Bitcoin. He became familiar with Bitcoin back in 2013, but began diligently studying the blockchain technology and its economic implications in 2017. Ever since, he’s believed in the network’s power to replace the current global monetary system, and provide financial freedom to billions worldwide.
    Contact: Medium | LinkedIn | Twitter

  • bitcoin
    BTC$29,395.00
  • ethereum
    ETH$1,846.96
  • Join Our Community

    FacebookTwitter YouTubeTelegram


    Editorials
    Wall Street Traders Are Using DeFi: Interview With dYdX Foundation’s VP of Strategy, David Gogel

    Wall Street Traders Are Using DeFi: Interview With dYdX Foundation’s VP of Strategy, David Gogel

    This Will Trigger Crypto’s Mass Adoption Next Years: Animoca Brands’ Yat Siu

    This Will Trigger Crypto’s Mass Adoption Next Years: Animoca Brands’ Yat Siu

    Facebook’s Answer to Twitter: A Complete Guide on Threads

    Facebook’s Answer to Twitter: A Complete Guide on Threads

    What is a Meme Coin? The Biggest Meme Coins You Must Know About

    What is a Meme Coin? The Biggest Meme Coins You Must Know About

    The Weaknesses of Ethereum VS Modern Blockchains: Interview With Radix

    The Weaknesses of Ethereum VS Modern Blockchains: Interview With Radix

    Institutions Intend to Buy Bitcoin in Late 2023: Interview With CryptoQuant

    Institutions Intend to Buy Bitcoin in Late 2023: Interview With CryptoQuant

    Why Didn’t ETH Dump After Shanghai? Interview With Nansen

    Why Didn’t ETH Dump After Shanghai? Interview With Nansen

    Join Our Newsletter
    Become a CryptoPotato VIP
    One Weekly Email Can Change Your Crypto Life.
    Sign-up FREE to receive our extended weekly market update and coin analysis report
    We NEVER send spam. You can unsubscribe at any time.
    Invalid email address
    Thanks for subscribing!
    Footer Logo
    About
    Advertise on CryptoPotato
    About Us | Contact Us | Careers
    Editorial Policy
    Terms of service | Privacy Policy | GDPR
    More Sections
    IEO List | Evaluations
    Airdrops
    Scholarship
    Disclaimer
    Disclaimer: Information found on CryptoPotato is those of writers quoted. It does not represent the opinions of CryptoPotato on whether to buy, sell, or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk. Full disclaimer
    © Copyright CryptoPotato 2016 - 2021
    Scroll to top
    One Weekly Email Can Change Your Crypto Life.

    Sign-up FREE to receive our extended weekly market update and coin analysis report

    We never send SPAM. You can unsubscribe at any moment
    Invalid email address
    Thanks for subscribing!