Binance’s CEO Changpeng Zhao, has confirmed that the BitForge vulnerability, which affected several MPC protocols, has been fixed in the TSS Library that Binance open-sourced. He also thanked Fireblocks for uncovering the issue and assured users that their funds are safe.
Binance, one of the world’s largest crypto exchanges, has addressed the BitForge vulnerability, a security issue that impacted several multi-party computation (MPC) protocols used by crypto wallet providers.
Binance’s CEO Changpeng Zhao (CZ) said that the vulnerability was present in the Threshold Signature Scheme (TSS) Library that Binance open-sourced, but it has been fixed, and no user funds were affected.
BitForge Poses a Security threat to MPC protocols
The BitForge vulnerability was discovered by Fireblocks, a digital asset infrastructure company, and disclosed in a press release on August 9.
According to Fireblocks, the vulnerability affected widely adopted MPC protocols, such as GG-18, GG-20, and Lindell17.
MPC protocols allow multiple parties to control and manage cryptocurrency holdings without disclosing their private keys.
The vulnerability could allow attackers with privileged access to extract the full private key from a single device and drain funds from the wallets of millions of retail and institutional customers in seconds without their knowledge or consent.
Fireblocks said it notified over 15 wallet providers and projects potentially at risk and helped them fix the issue.
Binance’s Response to the BitForge Vulnerability
Binance’s CZ confirmed via Twitter that the BitForge vulnerability was present in the TSS Library that Binance open-sourced, which implements a threshold signature scheme for ECDSA and EDDSA.
He reported that the issue had been fixed and thanked Fireblocks for uncovering it. He also assured users that no Binance user funds were compromised.
CZ also advised users to remain #SAFU, a term coined by Binance to promote security awareness among its users.
He also stated that Binance will continue contributing to open-source blockchain development and improving funds and information security for BNB Chain, Bitcoin networks, and more.
Security and Transparency Challenges for Crypto Wallet Providers
The BitForge vulnerability highlights the importance of security and transparency in the crypto industry, especially for wallet providers and custodians who handle large amounts of funds.
It also shows the need for collaboration and communication among different projects and platforms to identify and fix potential security issues before they cause any harm.
Fireblocks’ co-founder and CTO Pavel Berengoltz said that not all MPC developers and teams are created equal and urged users to do their due diligence before choosing a wallet provider.
He also said that Fireblocks will continue to conduct research and share its findings with the community to enhance the security and reliability of MPC protocols.
