🚨 Get Your Free NFT Certificate Mint by Completing the Web3 Exam! START NOW
My Learnlist: Coming Soon!
My Learnlist: Coming Soon!

Learn by real-life examples: Select, Track & Understand any cryptos with the unique Learnlist feature!

Notify Me!
Portfolio: Coming Soon!
Portfolio: Coming Soon!

Set your wallet & get powerful insights backed by data. Easily learn how to use it for your highest rewards!

Notify Me!

Critical Security Issue in BitGo Wallet Resolved After Fireblocks Discovery

Critical Security Issue in BitGo Wallet Resolved After Fireblocks Discovery

Crypto wallet BitGo fixes vulnerabilities allowing malicious actors to steal the private keys of its clients.

BitGo, the provider of institutional-grade, multi-coin cryptocurrency wallet, has fixed a security vulnerability that posed a risk to the private keys of both retail and institutional customers.

Fireblocks, a cryptography research team, discovered the critical security flaw in BitGo's wallet and notified the company in December 2022.

Crypto Mining Explained: How to Earn From Mining Bitcoin? (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Crypto Mining Explained: How to Earn From Mining Bitcoin? (Animated)

Crypto Mining Explained: How to Earn From Mining Bitcoin? (Animated) Crypto Mining Explained: How to Earn From Mining Bitcoin? (Animated)

The vulnerability was linked to BitGo Threshold Signature Scheme (TSS) wallets, which threatened to expose the private keys of exchanges, banks, and businesses operating on the platform.

In its report, Fireblocks revealed that vulnerability would allow malicious actors to bypass "all of BitGo security features."

The vulnerability allows an attacker to extract the full ECDSA private key from BitGo Ethereum TSS wallets using a single signature and a few seconds of computation, bypassing all of BitGo security features.

Dubbed the BitGo Zero Proof Vulnerability, the issue could have enabled potential malicious actors to extract a private key in less than a minute using a small JavaScript code.

As a response to the vulnerability, BitGo suspended the affected service on December 10th. In February 2023, BitGo fixed the issue and urged users to update their client-side software to the latest version by March 17th.

On top of that, Fireblockcs noted that the vulnerability can be exploited by malicious actors "with no prior secret material knowledge."

The attack is symmetric and can be executed by both parties in the interaction or by a middleman with no prior secret material knowledge, exposing the key material to many different internal and external attackers.

Fireblocks detailed their discovery process, which involved using a free BitGo account on the mainnet. The team found that BitGo's ECDSA TSS wallet protocol was missing an essential part of mandatory zero-knowledge proofs, allowing them to expose the private key through a simple attack.

Gile K., Market Sentiment Analyst
Gile is a Market Sentiment Analyst who understands what public events may form what emotions. Her experience researching Web3 news and public market messages – including cryptocurrency news reports, PRs, and social network streams – is critical to her role in helping lead the Crypto News Editorial Team.
As an intelligent professional in public relations, together with the team, she aims to determine real VS fake news patterns, and bring her findings to anyone searching for unbiased news and events happening in the FinTech markets. Her expertise is uncovering the latest trustworthy & informative Web3 announcements to the masses.
When she's not researching the trustworthiness of mainstream stories, she spends time enjoying her terrace view and taking meticulous care of her outdoor environment.



Earn Huge Exclusive Binance Learners Rewards