The crypto wallet sphere – through which users are able to access, purchase, and trade cryptocurrency – was rocked this week when data security company Fireblocks publicly identified a series of vulnerabilities in several major wallets that could allow thieves to take funds without leaving any trace. Millions of users of popular wallets such as Coinbase WaaS, Binance, and Zengo, and dozens of others have been potentially affected by the vulnerabilities.
Codenamed BitForge, the vulnerabilities were discovered in May of 2023 by Fireblocks, who reached out to the affected companies. While many of the major wallets have since patched the vulnerabilities to prevent exploitation, several of them still have not, meaning users are still at risk.
“If left unremediated, the exposures would allow attackers and malicious insiders to drain funds from the wallets of millions of retail and institutional customers in seconds, with no knowledge to the user or vendor,” Fireblocks released.
Noting that thefts in the sphere amounted to almost $500 million just in the first half of 2023, Fireblocks stated that the experience has informed it about the importance of companies embracing security as they delve into the field of multi-party computation (MPC) technology.
“While we are encouraged to see that MPC is now ubiquitous within the digital asset industry, it is evident from our findings — and our subsequent disclosure process — that not all MPC developers and teams are created equal. Companies leveraging Web3 technology should work closely with security experts with the know-how and resources to stay ahead of and mitigate vulnerabilities.”
MPCs are designed, in theory, to be only accessible following the secure entry of a private key in three systems – by the user, by the wallet provider, and by another third party. The BitForge vulnerabilities enabled potential hackers to access a wallet after compromising only one of three systems.
The security-first approach
At BitIRA, we’ve worked directly with Fireblocks long before these vulnerabilities were discovered to ensure that our security system is the best in the field. Our commitment to security allowed us to be the first fully-insured cold storage provider.
What does that mean to our customers? It means that, unlike other companies that don’t put user safety first, our goal is to not only provide you with expert service as you navigate the field of crypto investment – it’s to ensure your funds are never in jeopardy from malicious attacks. After all, it’s hard to grow an account when it could be suddenly drained by thieves located anywhere in the world. And we offer end-to-end insurance to back that up.
Importantly, Fireblocks considers the BitForge vulnerabilities to be “zero day”, meaning they were never identified by the companies operating the wallets in question. By working hand in hand with our security partners, we actively work to identify and patch any such vulnerabilities within our system.
To see if you’re currently affected by BitForge, Fireblocks has a utility available here with a list of wallets affected by the vulnerabilities.
If you’d like to safely grow your crypto assets the right way, give us a call today!