HomeNewsMultiple Zero-Day Vulnerabilities in Cryptocurrency Wallets Expose User Funds

Multiple Zero-Day Vulnerabilities in Cryptocurrency Wallets Expose User Funds

NewsSecurity

Published on

By TecHeading
Multiple Zero-Day Vulnerabilities in Cryptocurrency Wallets Expose User Funds
Multiple Zero-Day Vulnerabilities in Cryptocurrency Wallets Expose User Funds

Fireblocks Cryptography Research Team has discovered a set of zero-day vulnerabilities named 'BitForge' in widely used cryptographic protocols, affecting popular cryptocurrency wallet providers.

A series of zero-day vulnerabilities, collectively named ‘BitForge,’ have been discovered in the implementation of widely used cryptographic protocols in popular cryptocurrency wallet providers. These vulnerabilities, affecting protocols such as GG-18, GG-20, and Lindell 17, pose a significant risk to the security of digital assets stored in impacted wallets.

Vulnerabilities and Impact

  1. GG18 and GG20 Threshold Signature Schemes (TSS): The first flaw (CVE-2023-33241) affects these threshold signature schemes, which are foundational for the multi-party computation (MPC) wallet industry. Attackers can exploit this vulnerability by sending a specially crafted message, allowing them to extract key shards and ultimately obtain the master secret key. The severity of the vulnerability depends on the implementation parameters, with different parameter choices leading to varying degrees of effort required to extract the full key[1].
  2. Lindell17 2PC Protocol: The second vulnerability (CVE-2023-33242) is found in the Lindell17 2PC protocol, commonly used in cryptocurrency wallets. This flaw arises from a mishandling of aborts by wallets, which inadvertently exposes bits of the private key during signing operations. Attackers can extract the entire private key after approximately 200 signature attempts.

Wallet Providers Affected

While Coinbase and ZenGo have applied fixes to address the BitForge vulnerabilities, Binance and several other wallet providers remain vulnerable. Fireblocks, the team that discovered the vulnerabilities, has created a status checker for projects to assess their exposure to risks resulting from improper MPC protocol implementations.

Response and Mitigation

Coinbase, in response to the disclosure, promptly fixed the flaws in its Wallet as a Service (WaaS) solution and expressed gratitude to the researchers for their responsible disclosure. It is crucial for wallet providers to maintain a fully trustless cryptographic model to protect user funds and ensure the broader adoption of this technology.

Conclusion

The discovery of the BitForge vulnerabilities highlights the ongoing need for robust security measures in the cryptocurrency industry. Wallet providers must remain vigilant in addressing vulnerabilities promptly to safeguard user funds and maintain trust in the ecosystem.

Previous article
Air Quality Forecasting: Combining Traditional and AI Methods
Next article
Contact Center Digital Transformation in the BFSI Industry 2023-2024

Latest articles

AI

Innovative AI Unveils Industrial Large-scale Model Products: Revolutionizing the Future of AI in Manufacturing

Discover how Qingdao Innovative AI Technology Group is revolutionizing the manufacturing industry with its industrial large-scale model products.
Chatbot

Unveiling the Decline in ChatGPT Popularity: A Comprehensive Analysis

Uncover the reasons behind ChatGPT's declining popularity with this comprehensive analysis.
AI

The Impact of AI on Jobs: Embracing Change and Adaptation

Discover the impact of AI on jobs and learn how it is reshaping the job market. Explore the concept of displacement versus elimination, and uncover opportunities for growth and innovation.
AI

Revolutionizing Code Generation: Meta AI Code Llama

Explore Code Llama by Meta AI - A pioneering AI for coding that merges natural language and intricate code creation.

More like this

AI

Innovative AI Unveils Industrial Large-scale Model Products: Revolutionizing the Future of AI in Manufacturing

Discover how Qingdao Innovative AI Technology Group is revolutionizing the manufacturing industry with its industrial large-scale model products.
Chatbot

Unveiling the Decline in ChatGPT Popularity: A Comprehensive Analysis

Uncover the reasons behind ChatGPT's declining popularity with this comprehensive analysis.
AI

The Impact of AI on Jobs: Embracing Change and Adaptation

Discover the impact of AI on jobs and learn how it is reshaping the job market. Explore the concept of displacement versus elimination, and uncover opportunities for growth and innovation.

Welcome to TechHeadings, your ultimate source for the latest technology news, updates, and insightful analysis. We are passionate about bringing you the most relevant and engaging content in the ever-evolving world of technology.

Subscribe

To get email updates from Today News.

2023 © TechHeadings by Mark