Fireblocks specialists reported that BitForge Group’s vulnerabilities were discovered in multilateral computing (MPC) protocols, so the funds of users of multi-signature wallets were at risk. An attacker exploiting the vulnerability would be able to obtain the private key from just one device..
“If the vulnerabilities are not patched as soon as possible, hackers and attackers will be able to siphon funds from the wallets of millions of individual and institutional customers. The process will take them seconds, and the hacker doesn’t need to know the user or the wallet provider,” Fireblocks emphasized in a press release.
Coinbase, Zengo and Binance software were among the wallets compromised. They were told about the vulnerabilities in advance, so the problems found have already been fixed. Coinbase and Zengo representatives thanked Fireblocks and emphasized that user funds were not affected by the hackers. Now Fireblocks experts are determining which other wallets are vulnerable and contacting their developers.
“We are pleased to see that multiple signatures are ubiquitous in the digital asset industry. However, obviously not all MPC developers and protocol teams create quality and secure code. Companies using Web3 must work closely with security experts to stay ahead of and address vulnerabilities,” said Fireblock CTO and co-founder Pavel Beregoltz.
Earlier, CertiK reported the discovery of an important vulnerability in the WorldCoin cryptocurrency project.