Fireblocks Uncovers BitForge: Series of Security Vulnerabilities Affecting Crypto Wallets

It was discovered through a recent study carried out by Fireblocks that many crypto wallets are at risk of being drained due to a security flaw that exchanges do not know about. Fireblocks dubbed the security flaw BitForge. It is a series of vulnerabilities affecting wallets using multi-party computation (MPC) technology that allows multiple parties to control and manage cryptocurrency holdings. These security threats have never been identified, and have impacted several major crypto wallet providers, including Coinbase, WaaS, Zengo, and Binance.

BitForge can enable attackers to drain wallets without the knowledge of users or vendors. The potential draining of numerous retail and institutional investors’ wallets, with no immediate solution available, could lead to increased apprehension within the crypto industry. Thus, it becomes imperative for crypto exchanges to swiftly address the issue.

Addressing the problem proactively is essential, as attempting to resolve it once it starts happening might prove challenging because the whole draining process could be completed within seconds.

Pavel Berengoltz, co-founder of Fireblocks, emphasized the significance of web3 technologies collaborating with security experts with extensive knowledge to stay ahead of vulnerabilities. He stated:

“As decentralized finance and Web3 continue to gain popularity, the need for secure wallet and key management providers is evident. While we are encouraged to see that MPC is now ubiquitous within the digital asset industry, it is evident from our findings – and our subsequent disclosure process – that not all MPC developers and teams are created equal. Companies leveraging Web3 technology should work closely with security experts with the know-how and resources to stay ahead of and mitigate vulnerabilities.”

Numerous other crypto wallet providers have also been affected by this series of vulnerabilities. As a result, Fireblocks has introduced a BitForge checker to help exchanges and other wallet providers know if they are exposed.

Coinbase, Zengo, and Binance Have Addressed the BitForge Security Issue

Coinbase, Zengo, and Binance expressed gratitude to Fireblocks for identifying and responsibly disclosing the security issues before any losses occurred. Jeff Lunglhofer, Chief Information Security Officer for Coinbase, shared his thoughts on the matter:

“We would like to thank Fireblocks for identifying and responsibly disclosing this issue. While Coinbase customers and funds were never at risk, maintaining a fully trustless cryptographic model is an important aspect of any MPC implementation. Setting a high industry bar for safety protects the ecosystem and is critical to the broader adoption of this technology.”

The three exchanges mentioned that they have fixed the issues, assuring their customers about the safety of their services. They also emphasized the importance of partnering with security experts so as to stay ahead of potential security issues.