Crypto wallets patch zero-day vulnerabilities to safeguard user funds

Fireblocks finds 16 affected wallet providers and open-source libraries but stops short of publicly naming the companies to provide time to implement a fix

article-image

eamesBot/Shutterstock, modified by Blockworks

share

Leading multi-party computation wallet providers, including Coinbase, Binance and ZenGo, have patched critical vulnerabilities discovered in widely used cryptographic protocols, potentially affecting millions of users.

Dubbed BitForge, the vulnerabilities identified and unveiled by the Fireblocks Cryptography Research Team on Wednesday could have allowed attackers to steal private keys from users’ wallets.

The disclosed vulnerabilities “effectively downgrade the protection offered by the MPC system to that of a conventional single key system,” Idan Ofrat, co-founder and chief product officer at Fireblocks told Blockworks.

GG-18 and GG-20 protocols were found to be vulnerable at the pseudocode level — the inherent design or logic of the protocols — enabling attackers to exploit the flaw by exfiltrating the full private key, a Fireblocks spokesperson said.

In simpler terms, it’s like having a flaw in the blueprint of a building. Even if you build the structure perfectly according to the blueprint, the flaw is inherent in the design itself.

“BitForge only impacts MPC wallet providers that utilize the GG-18, GG-20, and Lindell17 protocols,” the spokesperson said. “Even if another provider is using a different MPC [multi-party computation] protocol, it is important to ensure they undergo regular code audits and have the cryptography resources to immediately patch security vulnerabilities.”

Some implementations required just 16 signatures for key extraction, while others could have necessitated as many as 1 billion. The Lindell17 vulnerability, on the other hand, emerged from wallet providers deviating from the protocol’s academic paper, which has since been updated. 

The vulnerability created a backdoor for attackers to expose part of the private key when signing fails, Fireblocks said. In 2020, the GG protocols were updated to patch an earlier vulnerability, but these modifications inadvertently created additional flaws. 

Fireblocks is advising all providers implementing these protocols to include required zero-knowledge proofs to enhance security. Users can check their exposure status through the BitForge Status Tracker.

While major players like Coinbase have resolved the vulnerabilities, the risk to smaller providers underscores the need to consult security experts to stay a step ahead, Fireblocks co-founder and CTO Pavel Berengoltz said.

“In cybersecurity, It is a common protocol for security researchers to provide information about a vulnerability they discovered to affected vendors privately and give the vendors 90 days to fix the vulnerability prior to disclosing it to the general public,” Ofrat said. “This allows the vendor ample time to mitigate the vulnerability while also making sure that security issues are eventually published for the public good to advance the entire ecosystem forward.”

Fireblocks identified 16 affected providers and open-source libraries but refrained from publicly naming the companies, emphasizing industry collaboration and providing a chance for fixes. 

“As GG-18, GG-20, and Lindell17 are some of the most popular MPC protocols used by wallet providers, we wanted to provide users with the ability to find out whether they are currently impacted by BitForge,” the spokesperson said.

Ofrat recommends that wallet users check with their providers or consult Fireblocks’ BitForge Status Tracker to see if their wallet may be affected.

James Cirrone contributed reporting.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates.png

Research

Ethena Labs is leaping from its flagship synthetic dollar, USDe, to a full product suite—USDtb, iUSDe, and the Arbitrum-based Converge Chain—designed to marry crypto-native yields with TradFi-grade compliance. Our analysis shows how expanding into CME, ETF options, and tokenized Treasuries could lift protocol revenue from sub-$500 million in a bear case to several billion dollars if favorable regulation and institutional adoption align.

article-image

The L1’s Interwoven Stack is the most opinionated tech stack yet

article-image

Bitcoin is still rising, 11 years after the documentary film The Rise and Rise of Bitcoin

article-image

Arch Labs CEO told Blockworks that the team plans to launch a native token, but declined to give details

article-image

CEO Mike Silagadze tells Blockworks that the US is “open for business” and why its DeFi bank offering is the first of many

article-image

Doing one thing well and leaving everything else out is often what disruptive technologies do best