- BitForge: Fast Cryptocurrency Theft - September 5, 2023
- Hackers’ Six-Month Plan to Breach CoinsPaid Unveiled - September 4, 2023
- Fake PayPal Stablecoins Flood the Market - September 4, 2023
Popular cryptographic protocols GG-18, GG-20, and Lindell17 have been shown to have serious security flaws, which have a direct impact on popular cryptocurrency wallets like Coinbase, ZenGo, and Binance. Due to these flaws, attackers may quickly steal bitcoin from wallets without the need for user input.
These vulnerabilities, known as “BitForge,” were discovered in May 2023 by the cryptographic research team Fireblocks. The specifics of BitForge were made available to the public at a presentation at BlackHat.
Fireblocks notes that even if Coinbase and ZenGo have fixed the problems, Binance and countless other wallet providers are still at risk from BitForge. A status checker tool that evaluates project risk because of faulty Multi-Party Computation (MPC) protocol implementation has also been created by Fireblocks.
Key to Intrusion: Flawed Protocols Expose Private Keys
The original flaw (CVE-2023-33241 CVSS: 9.6) affects the MPC wallet industry’s crucial Threshold Signature Schemes (TSS) GG18 and GG20, enabling other parties to generate keys and co-sign transactions.
Depending on the system settings, a hacker might send a specially constructed message to extract key fragments in 16-bit blocks, eventually obtaining the entire private key after 16 tries.
Unlocking Secrets: Exploiting Vulnerabilities in Private Key Protection
The second bug (CVE-2023-33242 CVSS: 9.6) has a similar effect on the Lindell17 (2PC) protocol implementation and enables attackers to recover the whole private key after 256 tries.
The 2PC protocol itself does not have this problem; rather, the implementation does. Mishandling interrupt wallets causes them to unintentionally be forced to continue signing transactions, exposing parts of the private key in the process. Due to the issue, 256 queries are required to fully extract the client’s private key from specially crafted messages.
Proof-of-concept (PoC) exploits for the GG18 and GG20 protocols, as well as Lindell17, were released on GitHub by the analysts as part of their disclosure.