2 zero-day vulnerabilities were found in the implementation of widely used cryptographic protocols GG-18, GG-20, and Lindell17. The shortcomings have affected popular cryptocurrencies, including Coinbase, Zengo, and Binance. These vulnerabilities allow attackers to quickly steal cryptocurrency from wallets without user interaction.
The Fireblocks Cryptography Team discovered these shortcomings in May 2023 and named them “Bitforge.” They presented information about BitForge at the Blackhat conference.
Currently, Coinbase and Zengo have resolved the issues. However, according to Fireblocks, Binance and several other wallet providers are still vulnerable to BitForge. To check for projects with improper implementation of the Confidential Computations Protocol (MPC), Fireblocks has created a tool for verifying the status. You can access the tool here.
The first vulnerability, known as CVE-2023-33241 (CVSS: 9.6), affects the GG18 and GG20 threshold signature schemes. These schemes are fundamental for the MPC industry, allowing multiple parties to generate keys and sign transactions collaboratively. By exploiting this vulnerability, an attacker can send a specially crafted message and extract key fragments in blocks of 16 bits, eventually extracting the full private key after 16 attempts.
The second vulnerability, known as CVE-2023-33242 (CVSS: 9.6), affects the implementation of the Lindell17 (2PC) protocol. It shares a similar nature with the first vulnerability and allows attackers to extract the entire private key after 256 attempts. This vulnerability exists in the implementation of the 2PC protocol rather than the protocol itself. It is caused by the incorrect handling of interrupted wallets, which unintentionally reveal bits of the private key. The attacker can exploit this by using specially crafted messages. To fully extract the key, 256 requests are required.
In addition, the analysts have published two proof-of-concept (POC) exploits for each of the protocols: GG18 and GG20 and