{"id":56336,"date":"2023-08-10T07:59:20","date_gmt":"2023-08-10T11:59:20","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=56336"},"modified":"2023-08-10T07:59:23","modified_gmt":"2023-08-10T11:59:23","slug":"binance-tss-library-fixes-bitforge-bug-no-funds-lost","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/binance-tss-library-fixes-bitforge-bug-no-funds-lost\/","title":{"rendered":"Binance TSS Library Fixes BitForge Bug, No Funds Lost"},"content":{"rendered":"\n

Binance\u2019s CEO Changpeng Zhao<\/a>, has confirmed that the BitForge vulnerability, which affected several MPC protocols, has been fixed in the TSS Library that Binance open-sourced. He also thanked Fireblocks for uncovering the issue and assured users that their funds are safe.<\/p>\n\n\n\n

\"Binance<\/figure>\n\n\n\n

Binance, one of the world\u2019s largest crypto exchanges, has addressed the BitForge vulnerability, a security issue that impacted several multi-party computation (MPC) protocols used by crypto wallet providers. <\/p>\n\n\n\n

Binance\u2019s CEO Changpeng Zhao (CZ) said that the vulnerability was present in the Threshold Signature Scheme (TSS) Library\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a> that Binance open-sourced, but it has been fixed, and no user funds were affected.<\/p>\n\n\n\n

BitForge Poses a Security threat to MPC protocols<\/h3>\n\n\n\n

The BitForge vulnerability was discovered by Fireblocks, a digital asset infrastructure company, and disclosed in a press release on August 9. <\/p>\n\n\n\n

\n

1\/ The Fireblocks research team has uncovered BitForge, a set of vulnerabilities in some of the most widely adopted MPC protocols, that allow an attacker to retrieve a private key from a single device. Read on \u2192 https:\/\/t.co\/xo2r9zgCvj<\/use><\/svg><\/span><\/a> pic.twitter.com\/7q1nEeVBwO<\/use><\/svg><\/span><\/a><\/p>— Fireblocks (@FireblocksHQ) August 9, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

According to Fireblocks,<\/use><\/svg><\/span><\/a> the vulnerability affected widely adopted MPC protocols, such as GG-18, GG-20, and Lindell17. <\/strong><\/p>\n\n\n\n

MPC protocols allow multiple parties to control and manage cryptocurrency holdings without disclosing their private keys.<\/p>\n\n\n\n

The vulnerability could allow attackers with privileged access to extract the full private key from a single device and drain funds from the wallets of millions of retail and institutional customers in seconds without their knowledge or consent. <\/p>\n\n\n\n

Fireblocks said it notified over 15 wallet providers<\/strong> and projects potentially at risk and helped them fix the issue.<\/p>\n\n\n\n

Binance\u2019s Response to the BitForge Vulnerability<\/h3>\n\n\n\n

Binance\u2019s CZ confirmed via Twitter<\/use><\/svg><\/span><\/a> that the BitForge vulnerability was present in the TSS Library that Binance open-sourced, which implements a threshold signature scheme for ECDSA<\/use><\/svg><\/span><\/a> and EDDSA.<\/use><\/svg><\/span><\/a> <\/p>\n\n\n\n

He reported that the issue had been fixed and thanked Fireblocks for uncovering it. He also assured users that no Binance user funds were compromised.<\/p>\n\n\n\n

CZ also advised users to remain #SAFU,<\/use><\/svg><\/span><\/a> a term coined by Binance to promote security awareness among its users. <\/p>\n\n\n\n

He also stated that Binance will continue contributing to open-source blockchain development and improving funds and information security for BNB Chain,<\/a> Bitcoin networks, and more.<\/p>\n\n\n\n

Security and Transparency Challenges for Crypto Wallet Providers<\/h2>\n\n\n\n

The BitForge vulnerability highlights the importance of security and transparency in the crypto industry, especially for wallet providers and custodians who handle large amounts of funds. <\/p>\n\n\n\n

It also shows the need for collaboration and communication among different projects and platforms to identify and fix potential security issues before they cause any harm.<\/p>\n\n\n\n

Fireblocks\u2019 co-founder and CTO Pavel Berengoltz said that not all MPC developers and teams are created equal and urged users to do their due diligence before choosing a wallet provider. <\/p>\n\n\n\n

He also said that Fireblocks will continue to conduct research and share its findings with the community to enhance the security and reliability of MPC protocols.<\/p>\n","protected":false},"excerpt":{"rendered":"

Binance\u2019s CEO Changpeng Zhao, has confirmed that the BitForge vulnerability, which affected several MPC protocols, has been fixed in the TSS Library that Binance open-sourced. He also thanked Fireblocks for uncovering the issue and assured users that their funds are safe. Binance, one of the world\u2019s largest crypto exchanges, has addressed the BitForge vulnerability, a […]<\/p>\n","protected":false},"author":44,"featured_media":56341,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[32],"tags":[5521,5407,15647,202,1406,14793],"class_list":["post-56336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto-exchange-news","tag-binance-2","tag-changpeng-zhao-cz","tag-bitforge","tag-blockchain","tag-crypto-exchange","tag-mpc"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/08\/CZ-Binance.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/56336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=56336"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/56336\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/56341"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=56336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=56336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=56336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}