My Learnlist: Coming Soon!
My Learnlist: Coming Soon!

Learn by real-life examples: Select, Track & Understand any cryptos with the unique Learnlist feature!

Notify Me!
Portfolio: Coming Soon!
Portfolio: Coming Soon!

Set your wallet & get powerful insights backed by data. Easily learn how to use it for your highest rewards!

Notify Me!

Critical Security Issue in BitGo Wallet Resolved After Fireblocks Discovery

Critical Security Issue in BitGo Wallet Resolved After Fireblocks Discovery

Crypto wallet BitGo fixes vulnerabilities allowing malicious actors to steal the private keys of its clients.

BitGo, the provider of institutional-grade, multi-coin cryptocurrency wallet, has fixed a security vulnerability that posed a risk to the private keys of both retail and institutional customers.

Fireblocks, a cryptography research team, discovered the critical security flaw in BitGo's wallet and notified the company in December 2022.

Blockchain Transaction Easily Explained! (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Blockchain Transaction Easily Explained! (Animated)

Blockchain Transaction Easily Explained! (Animated) Blockchain Transaction Easily Explained! (Animated)

The vulnerability was linked to BitGo Threshold Signature Scheme (TSS) wallets, which threatened to expose the private keys of exchanges, banks, and businesses operating on the platform.

In its report, Fireblocks revealed that vulnerability would allow malicious actors to bypass "all of BitGo security features."

The vulnerability allows an attacker to extract the full ECDSA private key from BitGo Ethereum TSS wallets using a single signature and a few seconds of computation, bypassing all of BitGo security features.

Dubbed the BitGo Zero Proof Vulnerability, the issue could have enabled potential malicious actors to extract a private key in less than a minute using a small JavaScript code.

As a response to the vulnerability, BitGo suspended the affected service on December 10th. In February 2023, BitGo fixed the issue and urged users to update their client-side software to the latest version by March 17th.

On top of that, Fireblockcs noted that the vulnerability can be exploited by malicious actors "with no prior secret material knowledge."

The attack is symmetric and can be executed by both parties in the interaction or by a middleman with no prior secret material knowledge, exposing the key material to many different internal and external attackers.

Fireblocks detailed their discovery process, which involved using a free BitGo account on the mainnet. The team found that BitGo's ECDSA TSS wallet protocol was missing an essential part of mandatory zero-knowledge proofs, allowing them to expose the private key through a simple attack.


Watch a short Lighthouse course & get 2 FREE Avatar NFTs + win Spatial Metaverse Space!

Claim Your Rewards
Learnoverse Astra Learnoverse Astra


Earn Huge Exclusive Binance Learners Rewards