‘BitForge’ security flaw to threaten Binance, Coinbase, and other crypto exchanges 

TL;DR Breakdown

  • Fireblocks identified “BitForge” vulnerabilities in over 15 major cryptocurrency wallets, highlighting potential risks to user funds on platforms like Coinbase and Binance.
  • The BitForge flaws target security methods called MPCs, allowing faster unauthorized access to secured assets if exploited.
  • Despite the challenges posed by BitForge, industry giants like Coinbase promptly addressed the concerns, showcasing the crypto sector’s commitment to user security.

Recent revelations indicate that a host of leading cryptocurrency wallet providers were susceptible to potential security breaches. These vulnerabilities, now known as ‘BitForge’, have highlighted the inherent cyber risks in the cryptocurrency realm, even as the world grapples with increasing adoption and tighter regulatory oversight.

Cybersecurity company Fireblocks presented its findings at the Black Hat USA conference, disclosing that over 15 major cryptocurrency wallets, making up over 80% of the market, were affected. These vulnerabilities could easily have been exploited to compromise user funds on well-known exchanges, including Binance and Coinbase.

These security flaws primarily affected implementations of multiparty computation (MPC) protocols. MPC typically splits a private key into multiple shares, dispersed over different devices, so that no single device holds the whole key. This method should ideally bolster security. However, it was discovered that certain MPC implementations made it feasible for malicious actors to recover the full key after merely 16 transactions. Such rapid-fire transactions could occur within seconds on high-frequency wallets.

Fireblocks’ CEO, Michael Shaulov, explained the simplicity of exploiting these vulnerabilities. He remarked, “The BitForge vulnerabilities operate in line with common cyber-attack mechanisms. A single compromised user through malware is all that’s needed.” This underscores the ever-present threat of malware, often delivered via phishing scams designed to deceive users into downloading malevolent software or revealing sensitive data.

The disclosure comes amid a mixed picture for crypto crime. While overall crypto crime was down 65% to $3.3 billion in H1 2023 from 2022, ransomware attacks – malicious software that encrypts a victim’s files and demands payment for their release, typically in cryptocurrency – are rising sharply. These are predicted to nearly reach $900 million this year, only slightly behind 2021’s $940 million.

The international community and regulatory bodies have long been apprehensive about cybersecurity linked to digital assets. Given the growing number of cryptocurrency thefts, many governments are ramping up efforts to bring digital assets and their providers within a regulatory framework. As an illustration, Hong Kong’s Securities and Futures Commission (SFC) now requires cryptocurrency exchanges operating within its jurisdiction to acquire a license. This move seeks to impose benchmarks in cybersecurity, private key management, and other areas.

However, uncertainties remain. While Fireblocks has pinpointed vulnerabilities in a significant number of wallet providers, determining the exact number affected by these flawed MPC implementations remains elusive.

A deep dive into BitForge

Fireblocks’ research pinpointed vulnerabilities in implementations of certain multi-party computation (MPC) protocols, specifically GG-18, GG-20, and Lindell17. These vulnerabilities were traced back to deviations from standard implementations or previous efforts to patch known flaws.

Notably, GG-18 and GG-20 protocols faced issues where earlier attempts to rectify vulnerabilities inadvertently introduced newer ones. Lindell17’s flaw, on the other hand, revolved around deviations from the original academic specifications and mishandling of failed signatures.

As a testament to industry collaboration, Fireblocks undertook a 90-day disclosure process. Their endeavors were met with a proactive response. Leading wallet providers, particularly Coinbase WaaS and Zengo, were commended for their swift action in addressing and rectifying the security flaws.

As digital currencies continue to weave themselves into the world’s financial fabric, it’s evident that maintaining cybersecurity will remain a top priority for providers and regulators alike.
