Cryptocurrencies, blockchain, NFT and new trends

Fireblocks claims it detected vulnerability, now patched, in competitor BitGo’s TSS wallets

Crypto Ecosystems • March 17, 2023, 9:00AM EDT

Quick Take

  • Fireblocks researchers claim they reported a now-patched vulnerability in competitor BitGo’s wallet software. 
  • Meanwhile, BitGo said the wallet type in question was still in early access and had only been made available to 20 developers. 

Stay updated on Pro Crypto Ecosystems news by locking ACS tokens with The Block.

Connect/Create Wallet You can unlock at any time.*
No wallet? No problem. You can set one up for free. We recommend Torus for first-time users.
*a 2% locking fee will be added at the time of locking. Learn more about Access Protocol

Researchers at Fireblocks claim in a report they discovered a critical vulnerability in BitGo’s Threshold Signature Scheme (TSS) wallet type used for multi-party computation (MPC). BitGo and FireBlocks compete in providing custody and wallet services to institutional clients.

Fireblocks’ report added BitGo took action in December 2022 after being notified of the vulnerability and released a patch to the issue in February.

According to Fireblocks’ allegations, the said vulnerability resulted from a missing implementation of mandatory zero-knowledge proofs in the TSS wallet protocol. This omission could potentially have made it possible for attackers to extract users’ private keys and gain access to their assets, FireBlocks’ report continued.

Fireblocks also claimed in its report that the vulnerability allowed them to extract the private key of a BitGo TSS wallet on the Ethereum mainnet. However, the company did not specify whether any BitGo user had actually lost assets as a result of the vulnerability.

BitGo’s response

BitGo has criticized Fireblocks’ finding, calling it a “publicity stunt” that attempts to create fear and damage BitGo’s reputation. It claimed that the wallet type in question was still in early access and had only been made available to 20 developers. BitGo added it was pursuing legal remedies against Fireblocks.