‘BitForge’ security flaw to threaten Binance, Coinbase, and other crypto exchanges 

TL;DR Breakdown

  • Fireblocks identified “BitForge” vulnerabilities in over 15 major cryptocurrency wallets, highlighting potential risks to user funds on platforms like Coinbase and Binance.
  • The BitForge flaws target a security method called multiparty computation (MPC), allowing faster unauthorized access to secured assets if exploited.
  • Despite the challenges posed by BitForge, industry giants like Coinbase promptly addressed the concerns, showcasing the crypto sector’s commitment to user security.

Recent revelations indicate that a host of leading cryptocurrency wallet providers were susceptible to potential security breaches. These vulnerabilities, now known as ‘BitForge’, have highlighted the inherent cyber risks in the cryptocurrency realm, even as the world grapples with increasing adoption and tighter regulatory oversight.

Cybersecurity company Fireblocks presented its findings at the Black Hat USA conference, disclosing that over 15 leading cryptocurrency wallets, making up over 80% of the market, were affected. These vulnerabilities could easily have been exploited to compromise user funds on well-known exchanges, including Binance and Coinbase.

These security flaws primarily affect multiparty computation (MPC) protocols. MPC schemes typically split a private key into multiple fragments held on different devices, which should strengthen security. However, certain MPC implementations made it feasible for malicious actors to obtain the full key after merely 16 transactions. On high-frequency wallets, that many transactions could occur within seconds.

Fireblocks’ CEO, Michael Shaulov, explained how simple these vulnerabilities are to exploit. He remarked, “The BitForge vulnerabilities operate in line with common cyber-attack mechanisms. A single compromised user through malware is all that’s needed.” This underscores the ever-present threat of malware, often delivered via phishing scams designed to deceive users into downloading malicious software or revealing sensitive data.

This vulnerability’s disclosure comes amidst a mixed landscape of crypto crimes. While the overall figure was down 65% to $3.3 billion in H1 2023 from 2022, ransomware attacks – malicious software that encrypts a victim’s files and demands payment for their release, typically in cryptocurrency – are rising sharply. These are predicted to nearly touch $900 million this year, only slightly behind 2021’s $940 million.

The international community and regulatory bodies have long been apprehensive about cybersecurity linked to digital assets. Given the growing number of cryptocurrency thefts, many governments are ramping up efforts to bring digital assets and their providers within a regulatory framework. For example, Hong Kong’s Securities and Futures Commission (SFC) now requires cryptocurrency exchanges operating within its jurisdiction to acquire a license. This move seeks to impose benchmarks in cybersecurity, private key management, and other areas.

However, uncertainties remain. While Fireblocks has pinpointed vulnerabilities in a significant number of wallet providers, determining the exact number affected by these flawed MPC implementations remains elusive.

A deep dive into BitForge

Fireblocks’ research pinpointed vulnerabilities in implementations of certain multi-party computation (MPC) protocols, specifically GG-18, GG-20, and Lindell17. These vulnerabilities were traced back to deviations from standard implementations or previous efforts to patch known flaws.

Notably, GG-18 and GG-20 protocols faced issues where earlier attempts to rectify vulnerabilities inadvertently introduced newer ones. Lindell17’s flaw, on the other hand, revolved around deviations from the original academic specifications and mishandling of failed signatures.

As a testament to industry collaboration, Fireblocks undertook a 90-day disclosure process. Their endeavors were met with a proactive response. Leading wallet providers, particularly Coinbase WaaS and Zengo, were commended for their swift action in addressing and rectifying the security flaws.

As digital currencies continue to weave themselves into the world’s financial fabric, it’s evident that maintaining cybersecurity will remain a top priority for providers and regulators alike.
