CyberSecurity SEE

Blockchain Vulnerability Exposes Cryptocurrency Investors’ Wallets Worldwide


Vulnerabilities in protocols used by major cryptocurrency wallets have been identified, putting investors’ digital assets at risk. Researchers from Fireblocks presented their findings at Black Hat USA, explaining how cyber attackers could exploit the Lindell17, GG18, and GG20 threshold signature schemes (TSS) used for blockchain transactions by various services globally. These protocols are employed by popular libraries and wallet providers such as Zengo and Coinbase’s wallet-as-a-service.

Zengo and Coinbase have since taken steps to address the issue, and no instances of attackers exploiting the TSS vulnerabilities have been reported thus far.

The vulnerabilities concern the private keys on which the autonomy and control of a cryptocurrency wallet rest. A private key is the secret bound to a wallet, and whoever controls it can access the wallet and move its contents.

Shahar Madar, Fireblocks’ head of security products, emphasized how fragile a single private key is from a security standpoint. He raised the question of where individuals should store their private keys, given that one key is a single point of failure. Multiparty computation (MPC) was introduced to address this concern: the key is held jointly, and a transaction is valid only once a set threshold of parties has approved it. This extra layer of security is particularly crucial for large financial institutions moving significant sums over blockchain technology.
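To make the threshold idea concrete, here is an added example that is not from the article, from Fireblocks, or from any wallet provider: a toy Shamir secret sharing over the secp256k1 group order, in which a private key is split into n shares and any `threshold` of them suffice, while fewer reveal nothing useful. Real threshold signature schemes such as the ones the article names never reassemble the key; they sign with the shares in place. This toy reconstructs it only to show the threshold property. The field choice, share layout, and function names are assumptions for this illustration.

```python
"""Toy Shamir threshold secret sharing over a prime field (educational example).

Demonstrates the MPC idea in the article: the wallet's private key is split so
that no single party holds it, and at least `threshold` parties must cooperate
before it can be used. This is NOT Lindell17/GG18/GG20 and not production code:
real TSS protocols never reconstruct the key in one place.
"""
import secrets

# Group order of secp256k1, the field in which ECDSA private keys live.
# Chosen here for realism; any large prime would do for the toy.
PRIME = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients lowest degree first) at x mod PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, n, threshold, rng=secrets.randbelow):
    """Split `secret` into n shares (x, y); any `threshold` of them reconstruct it.

    The secret is the constant term of a random polynomial of degree threshold-1.
    `rng` is injectable so the behaviour can be checked deterministically.
    """
    if not 1 <= threshold <= n:
        raise ValueError("need 1 <= threshold <= n")
    coeffs = [secret % PRIME] + [rng(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 mod PRIME, returning the constant term."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def approve_and_use(shares, threshold):
    """Gate key use on the threshold: too few approvals means no key, not a partial one."""
    if len(shares) < threshold:
        return None
    return reconstruct(shares[:threshold])


if __name__ == "__main__":
    key = secrets.randbelow(PRIME)          # constructed sample private key
    shares = split_secret(key, n=3, threshold=2)
    print("2 of 3 recovers key:", approve_and_use(shares[:2], 2) == key)
    print("1 of 3 refused:", approve_and_use(shares[:1], 2) is None)
```

The point a practitioner should take from it: with threshold 2 of 3, any single share is consistent with every possible key, so compromising one party yields nothing on its own. The attacks the article describes do not break this property directly; they abuse flaws in how specific signing protocols handle aborts and messages so that a malicious party can learn key material a few bits at a time.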

Fireblocks identified vulnerabilities that could enable an attacker to infiltrate this process and assume control over the involved parties. The attack begins with compromising a party to the signature process, such as the wallet’s user or provider. The attacker can then send carefully crafted messages that leak bits of the user’s private key data over time.

For instance, with Lindell17, the attacker can exploit how the protocol handles aborts, forcing it to make an “impossible choice” between aborting operations or continuing to sign with the compromised key. The researchers explained that with repeated malicious messages, more private key data is leaked until the attacker gains access to the entire key.

In the case of GG18 and GG20, the researchers observed that an attacker could extract key data without compromising a transaction’s party. Additionally, in one MPC library, the attacker could recover the private key during the generation process of a key pair without the need for malicious messages.

The discovery that these protocols can be exploited in this way highlights the importance of additional security measures. Organizations handling digital assets should have internal crypto teams with expertise in the field and high-quality detection systems. With an authorized party of their own participating in every signing session, potential attacks can be detected and responded to before they compromise the system.
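One concrete form such detection can take, as an added example that is not code from the article, Fireblocks, or any wallet provider: the Lindell17 attack described above relies on repeated malicious messages that drive the protocol into aborts, so a signing service that logs every session outcome per counterparty can flag an abort storm and pause signing with that peer pending review. The log format, field names, and thresholds below are assumptions, and the log lines are constructed for the example.

```python
"""Abort-rate monitor for threshold-signing sessions (added example, not vendor code).

Scans per-session log lines and flags any cosigner that produced an unusual
number of aborts inside a sliding time window. The format and thresholds are
assumptions; a real deployment would feed this from its signing service's logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one line per signing session, key=value fields.
SAMPLE_LOG = """\
2023-08-09T10:00:01Z session=s1 peer=cosigner-A event=sign_ok
2023-08-09T10:00:05Z session=s2 peer=cosigner-B event=abort reason=invalid_zk_proof
2023-08-09T10:00:09Z session=s3 peer=cosigner-A event=sign_ok
2023-08-09T10:00:12Z session=s4 peer=cosigner-B event=abort reason=invalid_zk_proof
2023-08-09T10:00:20Z session=s5 peer=cosigner-B event=abort reason=invalid_zk_proof
2023-08-09T10:00:31Z session=s6 peer=cosigner-C event=abort reason=timeout
2023-08-09T10:00:40Z session=s7 peer=cosigner-B event=abort reason=invalid_zk_proof
2023-08-09T10:01:02Z session=s8 peer=cosigner-B event=sign_ok
2023-08-09T10:01:10Z session=s9 peer=cosigner-A event=sign_ok
"""


def parse_line(line):
    """Parse 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def flag_abort_storms(log_text, window=timedelta(minutes=5), max_aborts=3):
    """Return {peer: peak_abort_count} for peers reaching max_aborts within any window.

    Uses a two-pointer sliding window over each peer's sorted abort timestamps,
    so it runs in linear time per peer.
    """
    aborts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("event") == "abort":
            aborts[rec["peer"]].append(rec["ts"])

    flagged = {}
    for peer, times in aborts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= max_aborts:
                flagged[peer] = max(flagged.get(peer, 0), count)
    return flagged


def peers_to_pause(log_text, **kwargs):
    """Defensive response: the set of peers whose signing sessions should be paused."""
    return set(flag_abort_storms(log_text, **kwargs))


if __name__ == "__main__":
    for peer, n in flag_abort_storms(SAMPLE_LOG).items():
        print(f"ALERT: {peer} hit {n} aborts inside the window; pause signing and investigate")
```

A single abort is normal noise (network timeouts, a restarted cosigner), which is why the monitor counts aborts per peer inside a window rather than alerting on each one. The important design choice is the response: when the threshold is reached, the service stops cosigning with that peer until a human has looked, so the protocol is never left to keep signing through a stream of suspicious aborts.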

Although no attacks utilizing these vulnerabilities have been reported so far, it is crucial to remain vigilant and proactive in ensuring the protection of cryptocurrency wallets. With the growing popularity and adoption of cryptocurrencies, the need for robust security measures becomes increasingly critical to safeguard investors’ digital assets.
