Binance CEO Addresses BitForge Vulnerability: Funds Are Safe – Bitcoinist


Binance’s CEO, Changpeng Zhao, has come forward to address concerns regarding the BitForge vulnerability. This security issue, uncovered by the Fireblocks research team, has been identified in some of the most widely adopted multi-party computation (MPC) protocols, including GG18, GG20, and Lindell17.
Changpeng Zhao, in a reassuring statement, declared via Twitter today, “This issue was present in the Threshold Signature Scheme (TSS) Library Binance open-sourced, which has been fixed. Thanks to Fireblocks for uncovering it! No Binance user funds affected. Even MPC custody solutions have risks. Stay #SAFU!”
Fireblocks’ research unveiled that BitForge is a series of zero-day vulnerabilities that could potentially allow attackers with privileged access to drain funds from wallets without the knowledge of the user or vendor, often in mere seconds.
The vulnerabilities in the GG18 and GG20 protocols were particularly alarming. These protocols, widely adopted by MPC wallet providers, had a flaw due to a missing zero-knowledge proof, which could lead to the full exfiltration of the private key.
The GG18 and GG20 protocols had previously been updated in 2020 to patch a known vulnerability. However, these modifications inadvertently introduced another vulnerability. The severity of this flaw varies depending on how each wallet provider implemented the GG protocols. In some cases, attackers could extract keys in as few as 16 signatures, while in others, it could take up to a staggering 1 billion signatures.
The Lindell17 protocol vulnerability, on the other hand, is a result of deviations from the original academic paper’s specifications. This deviation can lead to mishandling failed signatures, creating a potential backdoor for attackers. An attacker could exploit the party finalizing the signing process, be it the wallet provider or the user, to exfiltrate the key after approximately 200 signature requests.
Fireblocks’ discovery has not only highlighted potential vulnerabilities but also underscored the importance of rigorous security checks and the need for continuous research in the crypto space. Binance’s swift acknowledgment and rectification of the issue in their open-sourced TSS Library exemplify the industry’s proactive stance towards potential threats.
While the crypto community remains vigilant, the transparency and promptness demonstrated by Binance and other affected wallet providers have been commendable. However, as Changpeng Zhao rightly emphasized, even the most trusted solutions can have vulnerabilities.
At press time, the Binance Coin (BNB) traded at $241.9, seeing a slight uptrend following the yearly low at $220 on June 12. However, to confirm a bullish reversal, BNB needs to break the resistance at $258.
Jake Simmons has been a Bitcoin enthusiast since 2016. Ever since he heard about Bitcoin, he has been studying the topic every day and trying to share his knowledge with others. His goal is to contribute to Bitcoin’s financial revolution, which will replace the fiat money system. Besides BTC and crypto, Jake studied Business Informatics at a university. After graduation in 2017, he has been working in the blockchain and crypto sector. You can follow Jake on Twitter at @realJakeSimmons.
© 2023 Bitcoinist. All Rights Reserved.

