Major Crypto Wallet Providers Patch Critical Vulnerabilities Potentially Affecting Millions of Users

Coinbase, Binance, and ZenGo have fixed critical vulnerabilities in widely used cryptographic protocols that could have allowed attackers to steal private keys from users' wallets. The vulnerabilities, called BitForge, were identified by the Fireblocks Cryptography Research Team and could have affected millions of users. The vulnerabilities downgraded the protection offered by the multi-party computation (MPC) system to that of a conventional single key system. Wallet providers that utilize the GG-18, GG-20, and Lindell17 protocols were impacted, and Fireblocks recommends that users check with their providers or consult their BitForge Status Tracker to see if their wallet may be affected.

Fireblocks

Original Link

Comments

All Comments

Recommended for you

Cointime精选 ·

Enshrine AI into EVM

Axonum enshrines AI into blockchain to build a decentralized supercomputer powered by global collective intelligence.
Cointime精选 ·

Volume 180: Digital Asset Fund Flows Weekly Report

US$435 outflows continue as incumbent ETF issuers continue to see withdrawals
MIIX Capital ·

MIIX Capital: io.net Research & Analysis Report

io.net is a decentralized GPU network for ML computing, valued at $1 billion, expected to reach over $5 billion in the bull market cycle.
NFTScan ·

NFT 101: What Is NFT Perps Trading?

NFT Perpetual Futures (NFT Perps) is a new type of derivative that allows investors to trade NFTs with better liquidity.
NFTScan ·

X Space Recap: Web3 Users’ Crypto Asset Security in the New Asset Protocol Boom

In the new asset protocol trend and the rapid development of the NFT ecosystem, with various new gameplay emerging, how Web3 users can effectively protect their crypto assets has become a new challenge.
Shenyu: Up to one billion users' cloud input methods may have leaked input content. Please take immediate measures to reduce the risk.

On April 29th, Cobo co-founder and CEO Shen Yu wrote on X platform that the cloud input method used by up to one billion users may have leaked input content. If you have entered mnemonic words or other sensitive information through any of the following cloud input methods, please take immediate measures to reduce the risk.
Chainlink ·

What Is Tokenization?

Tokenization is the process of creating a digital representation of an asset by issuing a blockchain-based token.
Cointime精选 ·

A Superior Onboarding Experience: Overtime Markets Integrates Particle Network’s Wallet Abstraction

Overtime Markets is a decentralized, permissionless sports market on the Arbitrum, Base and Optimism L2s. It’s developed on top of the Thales protocol, a permissionless, order book-based peer-to-peer Positional Markets platform powered by Chainlink price feeds.
SlowMist: Beware of watering hole attacks launched by malicious attackers using WordPress plugin vulnerabilities

SlowMist Security has issued a warning that attackers have recently been exploiting vulnerabilities in WordPress plugins to inject malicious JS code into normal websites and launch watering hole attacks. These attacks involve popping up malicious windows when users visit the site, deceiving them into executing malicious code or performing Web3 wallet signatures, thereby stealing their assets. It is recommended that sites using WordPress plugins check for vulnerabilities, update plugins in a timely manner, and avoid being attacked. When visiting any website, users should carefully identify the downloaded programs and Web3 signature content to avoid downloading malicious programs or having their assets stolen due to malicious signatures.
Unverified Ember Sword NFT auction contract vulnerability has caused nearly $200,000 in losses

Certik has discovered a vulnerability in the unverified Ember Sword NFT auction contract, which has earned 60 WETH (approximately $195,000) from 159 victims who approved the contract. Certik reminds users to revoke their approval of the relevant contract on Polygon.