Vulnerability Management

Critical BitGo vulnerability addressed

Share
Cryptocurrency wallet BitGo has issued a fix for a critical vulnerability impacting its Ethereum TSS wallets, SiliconAngle reports. Identified by Fireblocks, the flaw, which was dubbed "Zero Proof Vulnerability," involved the exploitation of an incomplete Elliptic Curve Digital Signature Algorithm TSS protocol layer, enabling threat actors to evade security defenses and compromise the Ethereum private keys of BitGo users. BitGo was noted by Fireblocks to have taken down the service upon its notification in December. FireBlocks also said that there was "coordinated disclosure" with BitGo, but the cryptocurrency firm noted that the digital asset custody firm was exaggerating the potential impact of the vulnerability as the impacted wallet was only accessible to 20 developers. "It is unusual for a firm to repeatedly contact reporters, regulators and clients about a known issue in a pre-release product, and we are surprised that Fireblocks decided to take that path after we informed them that this was early release software," said BitGo.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.