Posted on August 11, 2023 at 5:31 PM
A set of zero-day vulnerabilities, collectively known as BitForge, affects several leading cryptocurrency wallet providers, including Binance, Coinbase, and ZenGo. The flaws allow threat actors to steal cryptocurrency stored in compromised wallets, without any interaction from the user or the vendor.
BitForge crypto wallet flaws allow hackers to steal crypto
The security vulnerabilities were found by the Fireblocks Cryptography Research Team in May 2023. The research team named the flaws “BitForge” and disclosed them publicly at the Black Hat 2023 event.
The analysts who found the flaws presented them in a talk titled “Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets.” Coinbase and ZenGo, both affected by the flaws, have already applied patches to address the issue.
The Fireblocks report noted that Binance and other crypto wallet providers are still vulnerable to the BitForge flaws. The Fireblocks team has set up a status checker that lets projects determine whether their wallet provider is exposed because of shortcomings in its implementation of multi-party computation (MPC) protocols.
The first vulnerability found by Fireblocks is tracked as CVE-2023-33241 and affects the GG18 and GG20 threshold signature schemes (TSS). These schemes were pioneers in the industry and serve as the foundation of the MPC wallet sector: they allow multiple parties to jointly generate keys and co-sign transactions.
Fireblocks' analysts also said that an attacker exploiting the flaw can send specially crafted messages that extract the key shards in 16-bit chunks, eventually recovering the wallet's entire private key. The flaw stems from a failure to validate the Paillier modulus and its encryption status, including whether the modulus is a biprime.
The Fireblocks report said that to exploit the vulnerability, an attacker interacts with the signers in the TSS protocol, with the aim of stealing secret shards and recovering the master secret key.
The report also said that the severity of the flaw depends on the implementation parameters: different parameter choices lead to different attacks, each requiring different resources and a different amount of effort to recover the full key.
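The missing validation described above is, at its core, a proof that the Paillier modulus N is a product of two primes. As an added illustration (not Fireblocks' code nor any vendor's), the following Python shows a CGGMP21-style Paillier-Blum modulus proof: the prover, who knows the factors, answers random challenges, and the verifier accepts N only if every round checks out. The Blum primes, the round count and the seeded RNG standing in for the verifier's coins are constructed for the demo and far below production sizes.

```python
import random
# Constructed toy Blum primes (3 mod 4); real Paillier keys use ~1024-bit primes.
P, Q = (1 << 61) - 1, (1 << 89) - 1
ROUNDS = 16  # soundness error about 2**-ROUNDS; CGGMP21 uses 80 rounds

def jacobi(a, n):  # Jacobi symbol (a/n), odd n > 0; Legendre symbol when n is prime
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def commit(p, q, rng):  # prover's first message: random w with Jacobi symbol -1 mod N
    n, w = p * q, 0
    while jacobi(w, n) != -1:
        w = rng.randrange(1, n)
    return w

def respond(p, q, w, ys):  # prover's answer: one (x, a, b, z) tuple per challenge y
    n, phi = p * q, (p - 1) * (q - 1)
    inv_n, resp = pow(n, -1, phi), []  # N-th roots exist only if gcd(N, phi(N)) == 1
    for y in ys:
        for a, b in ((0, 0), (0, 1), (1, 0), (1, 1)):  # exactly one makes y2 a QR mod p and q
            y2 = (-1) ** a * pow(w, b, n) * y % n
            if jacobi(y2, p) == 1 and jacobi(y2, q) == 1:
                break
        xp, xq = pow(y2, ((p + 1) // 4) ** 2, p), pow(y2, ((q + 1) // 4) ** 2, q)
        x = (xp + p * ((xq - xp) * pow(p, -1, q) % q)) % n  # CRT: a 4th root of y2 mod N
        resp.append((x, a, b, pow(y, inv_n, n)))
    return resp

def verify(n, w, ys, resp):  # verifier: accept N only if every check passes
    if n % 2 == 0 or pow(2, n - 1, n) == 1 or jacobi(w, n) != -1:
        return False  # even, (probably) prime, or w is not a non-residue
    for y, (x, a, b, z) in zip(ys, resp):
        if pow(z, n, n) != y % n or pow(x, 4, n) != (-1) ** a * pow(w, b, n) * y % n:
            return False  # z must be an N-th root of y (N square-free), x a 4th root
    return len(resp) == len(ys) == ROUNDS

def run_protocol(p=P, q=Q, seed=7):  # whole exchange; a seeded RNG plays the verifier
    rng, n = random.Random(seed), p * q
    w = commit(p, q, rng)
    ys = [rng.randrange(1, n) for _ in range(ROUNDS)]  # verifier's challenges
    return n, w, ys, respond(p, q, w, ys)
```

A production verifier also checks the bit length of N and rejects prime powers; the point here is that a wallet which skips this step accepts whatever modulus a malicious co-signer sends.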
A similar vulnerability was found in the Lindell17 2PC protocol. Tracked as CVE-2023-33242, it allows a malicious actor to recover the entire private key after around 200 signature attempts.
This vulnerability lies in implementations of the 2PC protocol rather than in the protocol itself, and stems from wallets mishandling aborts. Because of the flaw, wallets keep signing operations that expose parts of the private key.
Security vulnerability exploited by hackers
The report by Fireblocks further said that “The attack takes advantage of a mishandling of aborts by wallets using the 2PC protocol given an ‘impossible choice’ between aborting operations, which is an unreasonable approach given funds might be blocked in the wallet, or to continue signing and sacrificing additional bits of the key with every signature.”
The attack exploiting this flaw is asymmetric and can be carried out after compromising either the client or the server. In the first scenario, the attacker compromises the client and manipulates it into sending commands to the server that reveal bits of the server’s secret key.
According to Fireblocks, 256 such attempts are needed to collect enough data to reconstruct the server’s entire secret share. Because no limit on such requests is in place, nothing blocks the attacker’s subsequent requests, so the attack can be completed in a short time.
In the second scenario, the client’s secret key is targeted: a compromised server is used to retrieve it through specially crafted messages, and again 256 requests are needed to complete key extraction.
As mentioned above, Coinbase, one of the affected wallet providers, issued a patch for its Wallet as a Service (WaaS) solution after the vulnerabilities were disclosed. Coinbase’s Chief Information Security Officer, Jeff Lunglhofer, thanked Fireblocks for finding and disclosing the flaws. The executive said that a trustless cryptographic model in the MPC implementation is needed to protect customers and their funds.
The Coinbase security chief also said that setting a high industry bar for security protects the ecosystem and is vital to supporting broad adoption of the technology while keeping malicious actors at bay.