Fireblocks reveals details of patched vulnerability in BitGo wallets

The security department of Fireblocks, the crypto custody services provider, revealed details of the vulnerability in BitGo’s wallets.

According to the report, the exploit was detected in December 2022 — at that time the platform suspended wallet operations. In February 2023, the BitGo team implemented fixes and asked its clients to update to the latest version by March 17.

The vulnerability itself resided in the wallets’ threshold signature scheme and arose due to a flaw in the ZK-protocol.

Using it, a potential attacker could access users’ private keys in just a few seconds of computation, bypassing all levels of protection.

“The vulnerability is the result of the wallet provider not adhering to proven cryptographic standards,” said Idan Ofrat, co-founder and chief technology officer of Fireblocks.

The company added that they worked closely with BitGo to fix the flaw and raise the security level.

Experts also warned that some wallets could already have been compromised. Users who registered their addresses before the exploit was fixed are advised to create new accounts.

In March 2023, MetaMask fixed the privacy issue related to account merging.