Crypto wallets patch zero-day vulnerabilities to safeguard user funds

Fireblocks finds 16 affected wallet providers and open-source libraries but stops short of publicly naming the companies to provide time to implement a fix

by Sebastian Sinclair /
article-image

eamesBot/Shutterstock, modified by Blockworks

share

Leading multi-party computation wallet providers, including Coinbase, Binance and ZenGo, have patched critical vulnerabilities discovered in widely used cryptographic protocols, potentially affecting millions of users.

Dubbed BitForge, the vulnerabilities identified and unveiled by the Fireblocks Cryptography Research Team on Wednesday could have allowed attackers to steal private keys from users’ wallets.

The disclosed vulnerabilities “effectively downgrade the protection offered by the MPC system to that of a conventional single key system,” Idan Ofrat, co-founder and chief product officer at Fireblocks told Blockworks.

GG-18 and GG-20 protocols were found to be vulnerable at the pseudocode level — the inherent design or logic of the protocols — enabling attackers to exploit the flaw by exfiltrating the full private key, a Fireblocks spokesperson said.

Newsletter

Subscribe to Blockworks Daily

In simpler terms, it’s like having a flaw in the blueprint of a building. Even if you build the structure perfectly according to the blueprint, the flaw is inherent in the design itself.

“BitForge only impacts MPC wallet providers that utilize the GG-18, GG-20, and Lindell17 protocols,” the spokesperson said. “Even if another provider is using a different MPC [multi-party computation] protocol, it is important to ensure they undergo regular code audits and have the cryptography resources to immediately patch security vulnerabilities.”

Some implementations required just 16 signatures for key extraction, while others could have necessitated as many as 1 billion. The Lindell17 vulnerability, on the other hand, emerged from wallet providers deviating from the protocol’s academic paper, which has since been updated. 

The vulnerability created a backdoor for attackers to expose part of the private key when signing fails, Fireblocks said. In 2020, the GG protocols were updated to patch an earlier vulnerability, but these modifications inadvertently created additional flaws. 

Fireblocks is advising all providers implementing these protocols to include required zero-knowledge proofs to enhance security. Users can check their exposure status through the BitForge Status Tracker.

While major players like Coinbase have resolved the vulnerabilities, the risk to smaller providers underscores the need to consult security experts to stay a step ahead, Fireblocks co-founder and CTO Pavel Berengoltz said.

“In cybersecurity, It is a common protocol for security researchers to provide information about a vulnerability they discovered to affected vendors privately and give the vendors 90 days to fix the vulnerability prior to disclosing it to the general public,” Ofrat said. “This allows the vendor ample time to mitigate the vulnerability while also making sure that security issues are eventually published for the public good to advance the entire ecosystem forward.”

Fireblocks identified 16 affected providers and open-source libraries but refrained from publicly naming the companies, emphasizing industry collaboration and providing a chance for fixes. 

“As GG-18, GG-20, and Lindell17 are some of the most popular MPC protocols used by wallet providers, we wanted to provide users with the ability to find out whether they are currently impacted by BitForge,” the spokesperson said.

Ofrat recommends that wallet users check with their providers or consult Fireblocks’ BitForge Status Tracker to see if their wallet may be affected.

James Cirrone contributed reporting.

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
Tags

Upcoming Events

Digital Asset Summit 2025

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Unlocked by Template (4).png

Research

Wormhole Settlement: A Capital Efficient Intents Market

Wormhole Settlement allows for a highly scalable liquidity venue to fill user intents into a multichain, multi-VM future. By concentrating solvers’ balance sheets on Solana, transaction costs associated with solvers rebalancing inventory across destinations are eliminated. With the ability to settle bridging, swapping, and arbitrary interactions, without the costs and frictions of fragmenting solver liquidity, Wormhole Settlement has the opportunity to settle a large share of volumes in the crosschain interoperability market with a beneficial framework for both users and solvers. 

by Luke Leasure

/

news

article-image

FinanceSupply Shock

Bitcoin DeFi key to unlocking $300T potential: Asymmetric Founder

On Supply Shock, Asymmetric founder Dan Held discussed why Bitcoin DeFi will take market share from Solana, Ethereum and other top blockchains

by Pete Rizzo /
article-image

Empire NewsletterFinance

What the OCC’s tone shift means for banks adopting crypto

Pillsbury partner Brian Montgomery said that banks are mulling how to gain exposure to crypto

by Katherine Ross /
article-image

BusinessLightspeed Newsletter

Sol Strategies nearly doubles Solana stake with Laine acquisition

The company has now acquired three Solana validator operators since its September pivot into Solana

by Jack Kubinec /
article-image

Forward Guidance NewsletterPolicy

Crypto summit without substance?

Those hoping for an executive order, a bill draft, or a major announcement from the CFTC or SEC were disappointed

by Casey Wagner /
article-image

Forward Guidance NewsletterMarkets

A BTC check-in as price sinks below $80K 

Uncertainty around the US economy’s outlook is spurring a risk-off wave

by Ben Strack /
article-image

DeFiThe Drop

WolvesDAO’s WOOF token struggles after launch

The team says they’re still building despite the massive weekend selloff

by Kate Irwin /