Coinbase and ZenGo claim that the vulnerability has been resolved, and customer funds were not at risk.
Digital asset firm Fireblocks has recently uncovered serious vulnerabilities in popular crypto wallet technologies, potentially putting millions of wallets at risk.
On August 9th, Fireblocks shared a press release uncovering that these vulnerabilities, termed as BitForge, predominantly affect wallets using multi-party computation (MPC) technology. This specific tech enables multiple entities to control and manage cryptocurrency assets.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is a Crypto Wallet? (Explained With Animation)
Previously undetected, these "zero day" vulnerabilities could, if unaddressed, allow malicious actors to instantly steal millions worth of crypto, unbeknownst to users or providers. Fireblocks emphasized the risks, stating:
The exposures would allow attackers and malicious insiders to drain funds from the wallets of millions of retail and institutional customers in seconds, with no knowledge to the user or vendor.
Among the high-profile wallet providers impacted by these vulnerabilities were companies like Coinbase, ZenGo, and Binance. Thankfully, after Fireblocks’ standardized “90-day disclosure period,” the vulnerabilities within these platforms have been rectified.
Jeff Lunglhofer, the Chief Information Security Officer at Coinbase, expressed gratitude to Fireblocks for their responsible disclosure. He ensured that “Coinbase customers and funds were never at risk."
Likewise, ZenGo’s CTO Tal Be'ery affirmed the swift resolution and confirmed no users' funds were compromised.
Pavel Berengoltz, Fireblocks' CTO and co-founder, commented on the situation.
While we're pleased to see MPC's growing adoption in the digital asset domain, our findings clearly demonstrate that all MPC teams aren’t on the same level.
He further advocated for companies in the Web3 technology sphere to maintain close ties with security specialists possessing the expertise to preempt and address such vulnerabilities.
This revelation underscores the pressing need for continuous technological scrutiny in the rapidly evolving cryptocurrency space, ensuring assets remain secure and stakeholders stay informed.
