‘BitForge’ security flaw to threaten Binance, Coinbase, and other crypto exchanges 

TL;DR Breakdown

  • Fireblocks identified “BitForge” vulnerabilities in over 15 major cryptocurrency wallets, highlighting potential risks to user funds on platforms like Coinbase and Binance.
  • The BitForge flaws affect implementations of multi-party computation (MPC), the technique these wallets use to protect private keys, and could allow rapid unauthorized access to secured assets if exploited.
  • Despite the challenges posed by BitForge, industry giants like Coinbase promptly addressed the concerns, showcasing the crypto sector’s commitment to user security.

Recent revelations indicate that a host of leading cryptocurrency wallet providers were susceptible to potential security breaches. These vulnerabilities, now known as ‘BitForge’, have highlighted the inherent cyber risks in the cryptocurrency realm, even as the world grapples with increasing adoption and tighter regulatory oversight.

Cybersecurity company Fireblocks presented its findings at the Black Hat USA conference, disclosing that over 15 leading cryptocurrency wallets, making up over 80% of the market, were affected. These vulnerabilities could easily have been used to compromise user funds on major exchanges, including Binance and Coinbase.

These security flaws primarily affect multi-party computation (MPC) protocols. MPC wallets typically split a private key into multiple shares that are held on different devices. This method should ideally bolster security. However, it was discovered that certain MPC implementations made it feasible for malicious actors to recover the full key after just 16 transactions. Such rapid-fire transactions could occur within seconds on high-frequency wallets.

Fireblocks’ CEO, Michael Shaulov, explained the simplicity of exploiting these vulnerabilities. He remarked, “The BitForge vulnerabilities operate in line with common cyber-attack mechanisms. A single compromised user through malware is all that’s needed.” This underscores the ever-present threat of malware, often delivered via phishing scams designed to deceive users into downloading malicious software or revealing sensitive data.

This vulnerability’s disclosure comes amidst a mixed landscape of crypto crimes. While the overall figure was down 65% to $3.3 billion in H1 2023 from 2022, ransomware attacks – malicious software that encrypts a victim’s files and demands payment for their release, typically in cryptocurrency – are rising sharply. These are predicted to nearly touch $900 million this year, only slightly behind 2021’s $940 million.

The international community and regulatory bodies have long been apprehensive about cybersecurity linked to digital assets. Given the growing number of cryptocurrency thefts, many governments are ramping up efforts to bring digital assets and their providers within a regulatory framework. As an illustration, Hong Kong’s Securities and Futures Commission (SFC) now requires cryptocurrency exchanges operating within its jurisdiction to acquire a license. This move seeks to impose benchmarks in cybersecurity, private key management, and other areas.

However, uncertainties remain. While Fireblocks has pinpointed vulnerabilities in a significant number of wallet providers, determining the exact number affected by these flawed MPC implementations remains elusive.

A deep dive into BitForge

Fireblocks’ research pinpointed vulnerabilities in implementations of certain multi-party computation (MPC) protocols, specifically GG-18, GG-20, and Lindell17. These vulnerabilities were traced back to deviations from standard implementations or previous efforts to patch known flaws.

Notably, GG-18 and GG-20 protocols faced issues where earlier attempts to rectify vulnerabilities inadvertently introduced newer ones. Lindell17’s flaw, on the other hand, revolved around deviations from the original academic specifications and mishandling of failed signatures.

As a testament to industry collaboration, Fireblocks undertook a 90-day disclosure process. Their endeavors were met with a proactive response. Leading wallet providers, particularly Coinbase WaaS and Zengo, were commended for their swift action in addressing and rectifying the security flaws.

As digital currencies continue to weave themselves into the world’s financial fabric, it’s evident that maintaining cybersecurity will remain a top priority for providers and regulators alike.
