Security News > 2023 > August > New BitForge cryptocurrency wallet flaws lets hackers steal crypto
Multiple zero-day vulnerabilities named 'BitForge' in the implementation of widely used cryptographic protocols like GG-18, GG-20, and Lindell 17 affected popular cryptocurrency wallet providers, including Coinbase, ZenGo, Binance, and many more.
Today, the analysts publicly disclosed BitForge in the "Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets" BlackHat presentation, by which time Coinbase and ZenGo have applied fixes to address the problem.
The first flaw discovered by Fireblock impacts the GG18 and GG20 threshold signature schemes, which are considered pioneering and also foundational for the MPC wallet industry, allowing multiple parties to generate keys and co-sign transactions.
Fireblock's analysts discovered that depending on the implementation parameters, it is possible for an attacker to send a specially crafted message and extract key shards in 16-bit chunks, retrieving the entire private key from the wallet in 16 repetitions.
Coinbase told BleepingComputer that they fixed the flaws in its Wallet as a Service solution after the flaws were disclosed, thanking the researchers for their responsible disclosure.
New Realst macOS malware steals your cryptocurrency wallets.
News URL
Related news
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)
- Cryptocurrency hackers stole $2.2 billion from platforms in 2024 (source)