‘BitForge’ security flaw to threaten Binance, Coinbase, and other crypto exchanges 

TL;DR Breakdown

  • Fireblocks identified “BitForge” vulnerabilities in over 15 major cryptocurrency wallets, highlighting potential risks to user funds on platforms like Coinbase and Binance.
  • The BitForge flaws affect security methods known as multiparty computation (MPC) protocols and, if exploited, allow faster unauthorized access to secured assets.
  • Despite the challenges posed by BitForge, industry giants like Coinbase promptly addressed the concerns, showcasing the crypto sector’s commitment to user security.


Recent revelations indicate that a host of leading cryptocurrency wallet providers were susceptible to potential security breaches. These vulnerabilities, now known as ‘BitForge’, have highlighted the inherent cyber risks in the cryptocurrency realm, even as the world grapples with increasing adoption and tighter regulatory oversight.

Cybersecurity company Fireblocks presented its findings at the Black Hat USA conference, disclosing that over 15 major cryptocurrency wallets, together making up over 80% of the market, were affected. These vulnerabilities could easily have been exploited to compromise user funds on well-known exchanges, including Binance and Coinbase.

These security flaws primarily affected multiparty computation (MPC) protocols. MPC protocols typically split private keys into multiple fragments distributed across different devices, which should ideally bolster security. However, it was discovered that certain MPC implementations made it feasible for malicious actors to obtain the full key after merely 16 transactions. Such rapid-fire transactions could occur within seconds on high-frequency wallets.

Fireblocks’ CEO, Michael Shaulov, explained the simplicity of exploiting these vulnerabilities. He remarked, “The BitForge vulnerabilities operate in line with common cyber-attack mechanisms. A single compromised user through malware is all that’s needed.” This underscores the ever-present threat of malware, often delivered via phishing scams designed to deceive users into downloading malicious software or revealing sensitive data.

This vulnerability’s disclosure comes amidst a mixed landscape of crypto crimes. While the overall figure was down 65% to $3.3 billion in H1 2023 from 2022, ransomware attacks – malicious software that encrypts a victim’s files and demands payment for their release, typically in cryptocurrency – are rising sharply. These are predicted to nearly touch $900 million this year, only slightly behind 2021’s $940 million.

The international community and regulatory bodies have long been apprehensive about cybersecurity linked to digital assets. Given the growing number of cryptocurrency thefts, many governments are ramping up efforts to bring digital assets and their providers within a regulatory framework. For example, Hong Kong’s Securities and Futures Commission (SFC) now requires cryptocurrency exchanges operating within its jurisdiction to obtain a license. This move seeks to impose benchmarks in cybersecurity, private key management, and other areas.

However, uncertainties remain. While Fireblocks has pinpointed vulnerabilities in a significant number of wallet providers, the exact number affected by these flawed MPC implementations remains undetermined.

A deep dive into BitForge

Fireblocks’ research pinpointed vulnerabilities in implementations of certain multi-party computation (MPC) protocols, specifically GG-18, GG-20, and Lindell17. These vulnerabilities were traced back to deviations from standard implementations or previous efforts to patch known flaws.

Notably, GG-18 and GG-20 protocols faced issues where earlier attempts to rectify vulnerabilities inadvertently introduced newer ones. Lindell17’s flaw, on the other hand, revolved around deviations from the original academic specifications and mishandling of failed signatures.

As a testament to industry collaboration, Fireblocks undertook a 90-day disclosure process. Their endeavors were met with a proactive response. Leading wallet providers, particularly Coinbase WaaS and Zengo, were commended for their swift action in addressing and rectifying the security flaws.

As digital currencies continue to weave themselves into the world’s financial fabric, it’s evident that maintaining cybersecurity will remain a top priority for providers and regulators alike.
