• BitGo, a popular cryptocurrency wallet, has fixed a serious flaw that could have exposed the private keys of its retail and institutional users.
• The Fireblocks cryptography research team discovered the vulnerability and informed BitGo of it.
• BitGo issued a patch mandating that all clients upgrade to the most recent version by March 17.
BitGo Fixes Serious Security Flaw
BitGo, a popular cryptocurrency wallet, has fixed a serious security flaw that could have exposed the private keys of its retail and institutional users. In December 2022, the Fireblocks cryptography research team discovered the vulnerability in BitGo’s Threshold Signature Scheme (TSS) wallets and promptly informed BitGo of it. To address this issue, BitGo issued a patch in February 2023 mandating that all clients upgrade to the most recent version by March 17.
How Was Vulnerability Discovered?
The Fireblocks team detailed its discovery of the flaw using a free BitGo mainnet account. They dubbed this vulnerability as “BitGo Zero Proof Vulnerability” which allowed an attacker with access to client side to initiate a transaction and steal part of the user’s private key stored in BitGo’s system following completing signing computation. This could potentially lead to compromising of users’ funds if not addressed immediately.
What Measures Were Taken?
After discovering the security flaw on December 10, BitGO immediately disabled their service and issued a patch in February 2023 for all their clients to upgrade to latest version by March 17th . Fireblocks also advised users to consider opening new wallets and transferring funds from ECDSA Bitgo wallets before fix was released even though no attacks had been carried out yet using reported vulnerability.
What’s Next?
Following these actions taken by both Fireblocks and Bitgo teams , it is essential for users using ECDSA TSS wallets on bitgo platform to upgrade their software before march 17th or else they might be risking their funds being compromised due to lack secure authentication measures on bitgo platform . It is also important for crypto industry players such as exchanges , banks etc who use bitgo services or any other similar services should keep themselves updated with latest security advancements & take necessary precautions while storing digital assets .