A new set of vulnerabilities referred to as ‘BitForge’ has been discovered by blockchain security firm Fireblocks. The zero-day vulnerability targets crypto wallets that use multi-party computation (MPC) technology, allowing bad actors to steal digital assets stored in them without requiring any communication with the owner or the vendor.
Zero-day vulnerabilities are technical loopholes that weren’t discovered by developers of the affected software prior to being disclosed by a third party.
New Zero-Day Bug Affecting Multi-Signature Crypto Wallets
According to a security report from the enterprise-grade crypto infrastructure company, BitForge affects implementations of the GG18, GG20 and Lindell17 2PC protocols, MPC protocols used by some of the biggest crypto wallet providers in the industry, including Binance, Coinbase and ZenGo.
The bugs were first discovered by Fireblocks’ Cryptography Research Team in May. At that time, the company informed more than a dozen firms providing MPC wallets about the issue and worked with them to reduce their exposure to potential exploits.
Although Fireblocks says that a majority of the targeted wallets have patched up their vulnerabilities, the threat still persists, bringing the safety of the supposedly “ultra-safe” MPC wallets into question.
The blockchain security provider said it has identified other parties that might be affected by the flaw and has reached out to them in accordance with the industry-standard 90-day responsible disclosure process.
In response to the ongoing threat, Fireblocks has created a status checker for crypto wallet providers to confirm if their products and services powered by MPC protocols are exposed to the risk.
How Does the BitForge Vulnerability Strike?
On Wednesday, Fireblocks revealed details about the bug to the public in a Black Hat presentation titled ‘Small Leaks, Billions of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets’.
In the report, Fireblocks explained how the flaws are exploited. The first vulnerability – CVE-2023-33241 – affects the GG18 and GG20 threshold signature schemes (TSS), protocols considered fundamental to MPC wallets because they allow multiple parties to generate private key shares and co-sign transactions.
Fireblocks analysts found that in the affected TSS implementations, an attacker who can interact with the other signatories is able to steal their key shards in 16-bit chunks by sending a specially crafted message. By repeating this process 16 times, the attacker eventually recovers the wallet’s master password.
Fireblocks notes that the severity of BitForge depends on the implementation parameters: different parameter choices lead to different types of attacks, requiring varying degrees of effort and resources to extract the private key completely.
Fireblocks says the vulnerability arises from wallet implementations failing to validate the attacker-supplied Paillier modulus used by the scheme’s homomorphic encryption.
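To make the missing check concrete, here is an added example (not Fireblocks’ code, nor any wallet vendor’s) of the local sanity checks a signing party can run on a counterparty’s Paillier modulus before using it in a GG18/GG20-style round. The minimum size, the trial-division bound and the constructed adversarial modulus are assumptions for illustration.

```python
import math

MIN_BITS = 2048              # assumed minimum size for a Paillier modulus
SMALL_PRIME_BOUND = 1 << 16  # assumed trial-division bound for small factors


def small_primes(bound):
    """Sieve of Eratosthenes: every prime below bound."""
    sieve = bytearray([1]) * bound
    sieve[0] = sieve[1] = 0
    for i in range(2, math.isqrt(bound) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytes(len(range(i * i, bound, i)))
    return [i for i, is_p in enumerate(sieve) if is_p]


_PRIMES = small_primes(SMALL_PRIME_BOUND)


def check_paillier_modulus(n, min_bits=MIN_BITS):
    """Return (ok, reason). A well-formed Paillier modulus N = p*q of two large
    primes is never short, even, a perfect square or divisible by a small prime,
    so a counterparty that sends one failing these checks is rejected.
    Passing is necessary, not sufficient: the protocol's zero-knowledge proof
    about N is still required."""
    if n.bit_length() < min_bits:
        return False, "modulus too short"
    if n % 2 == 0:
        return False, "modulus is even"
    r = math.isqrt(n)
    if r * r == n:
        return False, "modulus is a perfect square"
    for p in _PRIMES:
        if n % p == 0:
            return False, f"modulus has small factor {p}"
    return True, "passed local sanity checks"


def smooth_modulus(bits=MIN_BITS):
    """Constructed adversarial modulus: a product of many small odd primes that
    is long enough to pass a naive length check but leaks through its factors."""
    n = 1
    for p in _PRIMES[1:]:                 # skip 2 so the small-factor check fires
        n *= p
        if n.bit_length() >= bits:
            return n
    raise ValueError("not enough small primes to reach the requested size")


if __name__ == "__main__":
    print(check_paillier_modulus(smooth_modulus()))
```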
The second vulnerability – CVE-2023-33242 – discovered in the Lindell17 2PC protocol works in the same way as the one mentioned earlier, allowing the hacker to extract the entire private key after approximately 200 attempts to sign transactions.
The flaw reportedly lies in the way the protocol was implemented rather than in the protocol itself: the implementation mishandles wallet aborts, so the 2PC continues signing transactions and exposes pieces of the private key until the entire key is revealed to the hacker.
Analysts say the attack may be “asymmetric”, meaning the BitForge vulnerability can be exploited by corrupting either the client or the server. In the first scenario, the hacker corrupts the client and has it send crafted requests to the server on its behalf.
This reveals a small portion of the server’s private key. The attacker will be able to reconstruct the entire master key after 256 such attempts.
Since the protocol has no request limit functionality, the hacker can send the requests in quick succession and carry out the attack in a matter of minutes.
The second scenario targets the private key of each client. It requires an already compromised server, which retrieves the key by sending the clients specially crafted requests. Once again, 256 requests to the client are needed to complete the master key extraction.
Fireblocks has since published two proof-of-concept (PoC) exploits for all three MPC protocol vulnerabilities on GitHub for developers to refer to.
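The two Lindell17 weaknesses described above, continuing after an abort and having no request limit, both live in how the signing server is driven rather than in the maths. The following added example (not Fireblocks’ or any vendor’s code) models a server-side gate that makes an abort terminal for that key share and caps signing requests per window; the verification hook, the limits and the simulated client are assumptions for illustration.

```python
import time
from dataclasses import dataclass, field


@dataclass
class ShareState:
    locked: bool = False                    # set after an abort; cleared only by re-keying
    request_times: list = field(default_factory=list)


class SigningCoordinator:
    """Illustrative gate in front of a 2PC signing share (not a real protocol)."""

    def __init__(self, verify, max_requests=20, window_seconds=60, clock=time.time):
        self.verify = verify                # assumed protocol check on the client's message
        self.max_requests = max_requests    # assumed cap on signing requests per window
        self.window = window_seconds
        self.clock = clock                  # injectable so the demo is deterministic
        self.shares = {}

    def handle(self, key_id, message):
        """Return 'signed', 'aborted', 'locked' or 'rate_limited'."""
        st = self.shares.setdefault(key_id, ShareState())
        if st.locked:
            return "locked"                 # never resume a share after an abort
        now = self.clock()
        st.request_times = [t for t in st.request_times if now - t < self.window]
        if len(st.request_times) >= self.max_requests:
            return "rate_limited"           # a burst of hundreds of requests is refused
        st.request_times.append(now)
        if not self.verify(message):
            st.locked = True                # an abort is terminal, not a retry
            return "aborted"
        return "signed"                     # real code would run the signing round here


def simulate(max_requests=20):
    """Constructed scenario: one tampering request, then a flood of valid ones."""
    now = [1_000.0]
    coord = SigningCoordinator(verify=lambda m: m.get("valid", False),
                               max_requests=max_requests, clock=lambda: now[0])
    outcomes = [coord.handle("share-A", {"valid": False}),   # abort locks share-A
                coord.handle("share-A", {"valid": True})]    # still refused
    for _ in range(max_requests + 1):
        outcomes.append(coord.handle("share-B", {"valid": True}))
    now[0] += 61                            # let the window expire
    outcomes.append(coord.handle("share-B", {"valid": True}))
    return outcomes
```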
Coinbase Thanks Fireblocks for Identifying and Reporting the Threat
Coinbase, which offers crypto wallet services to both retail and institutional clients, said its wallets were not exploited by the vulnerability. The crypto trading platform’s main user-facing wallet, Coinbase Wallet, was not impacted by the bug.
Coinbase Wallet-as-a-Service (WaaS), however, which the company’s corporate clients use to power their own MPC wallets, was vulnerable to BitForge until Coinbase intervened and implemented a fix.
The crypto firm, which operates the world’s second-largest crypto exchange, thanked researchers at Fireblocks for quickly identifying and disclosing the issue. Coinbase assured customers that their funds were never at risk.
Jeff Lunglhofer, the chief IT security officer at Coinbase, emphasized the importance of maintaining a “fully trustless cryptographic model” for MPC wallets and the need to protect the crypto ecosystem and broaden the adoption of its technology by setting a high bar for safety.