‘BitForge’ security flaw to threaten Binance, Coinbase, and other crypto exchanges 

TL;DR Breakdown

  • Fireblocks identified “BitForge” vulnerabilities in over 15 major cryptocurrency wallets, highlighting potential risks to user funds on platforms like Coinbase and Binance.
  • The BitForge flaws affect implementations of multi-party computation (MPC), a method for protecting private keys, and allow faster unauthorized access to secured assets if exploited.
  • Despite the challenges posed by BitForge, industry giants like Coinbase promptly addressed the concerns, showcasing the crypto sector’s commitment to user security.

Recent revelations indicate that a host of leading cryptocurrency wallet providers were susceptible to potential security breaches. These vulnerabilities, now known as ‘BitForge’, have highlighted the inherent cyber risks in the cryptocurrency realm, even as the world grapples with increasing adoption and tighter regulatory oversight.

Cybersecurity company Fireblocks presented its findings at the Black Hat USA conference, disclosing that over 15 major cryptocurrency wallets, making up over 80% of the market, were affected. These vulnerabilities could easily have been used to compromise user funds on well-known exchanges, including Binance and Coinbase.

These security flaws primarily affected implementations of multi-party computation (MPC) protocols. MPC wallets typically split a private key into multiple shares held on different devices, so that no single device holds the full key. In principle, this should strengthen security. However, it was discovered that certain MPC implementations made it feasible for malicious actors to obtain the full key after merely 16 transactions. Such rapid-fire transactions could occur within seconds on high-frequency wallets.

Fireblocks’ CEO, Michael Shaulov, explained how simple these vulnerabilities are to exploit. He remarked, “The BitForge vulnerabilities operate in line with common cyber-attack mechanisms. A single compromised user through malware is all that’s needed.” This underscores the ever-present threat of malware, often delivered via phishing scams designed to deceive users into downloading malicious software or revealing sensitive data.

The disclosure comes amid a mixed picture for crypto crime. While the overall figure was down 65% to $3.3 billion in H1 2023 from 2022, ransomware attacks (malicious software that encrypts a victim’s files and demands payment for their release, typically in cryptocurrency) are rising sharply. These are predicted to nearly touch $900 million this year, only slightly behind 2021’s $940 million.

The international community and regulatory bodies have long been apprehensive about cybersecurity linked to digital assets. Given the growing number of cryptocurrency thefts, many governments are ramping up efforts to bring digital assets and their providers within a regulatory framework. As an illustration, Hong Kong’s Securities and Futures Commission (SFC) now requires cryptocurrency exchanges operating within its jurisdiction to acquire a license. This move seeks to impose benchmarks in cybersecurity, private key management, and other areas.

However, uncertainties remain. While Fireblocks has pinpointed vulnerabilities in a significant number of wallet providers, determining the exact number affected by these flawed MPC implementations remains elusive.

A deep dive into BitForge

Fireblocks’ research pinpointed vulnerabilities in implementations of certain multi-party computation (MPC) protocols, specifically GG-18, GG-20, and Lindell17. These vulnerabilities were traced back to deviations from standard implementations or previous efforts to patch known flaws.

Notably, GG-18 and GG-20 protocols faced issues where earlier attempts to rectify vulnerabilities inadvertently introduced newer ones. Lindell17’s flaw, on the other hand, revolved around deviations from the original academic specifications and mishandling of failed signatures.

As a testament to industry collaboration, Fireblocks undertook a 90-day disclosure process. Their endeavors were met with a proactive response. Leading wallet providers, particularly Coinbase WaaS and Zengo, were commended for their swift action in addressing and rectifying the security flaws.

As digital currencies continue to weave themselves into the world’s financial fabric, it’s evident that maintaining cybersecurity will remain a top priority for providers and regulators alike.
