Fireblocks Researchers Uncover BitGo Wallet Vulnerability

Fireblocks Researchers Uncover BitGo Wallet Vulnerability

March 17, 2023 — Today, the Fireblocks cryptography research team released the details of a vulnerability in BitGo Threshold Signature Scheme (TSS) wallets that would have exposed the private keys of every BitGo user, including exchanges, banks, and other notable brands. The vulnerability — dubbed the BitGo Zero Proof Vulnerability — allows an attacker to extract the full private key in less than 60 seconds using only a small JavaScript snippet.

The Fireblocks cryptography team notified BitGo of the vulnerability on December 5, and after confirming the technical details, BitGo suspended its vulnerable service on December 10. In February, BitGo released a patch for the vulnerability, and required its clients to update to the latest version by March 17.

"As attacks on the crypto industry continue to accelerate, licensed custodians are entrusted with securing billions of dollars in user funds. The vulnerability is a result of the wallet provider failing to follow a well-reviewed cryptographic standard," said Idan Ofrat, Co-founder and CTO at Fireblocks. "The explosive growth of digital assets in the last few years, both in numbers of users and transaction volumes, has made it extremely lucrative for hackers to target this space. Fireblocks' mission is to help the industry increase its resilience and security, and our research team is proud to assist qualified custodians so that they may ensure the security of their code and offerings."

The vulnerability, which the Fireblocks team proved was exploitable via a free BitGo account on Mainnet, is a result of a missing implementation of mandatory zero-knowledge proofs in the BitGo ECDSA TSS wallet protocol, making it easy to expose the private key through a simple attack. All enterprise-grade digital asset custody platforms rely on either multi-party-computation (MPC/TSS) or multi-signature technology to eliminate a single point of compromise by distributing the private key between multiple users and parties, in order to ensure security controls even if one of the parties is compromised. The BitGo Zero Proof vulnerability allows any party, including internal and external attackers, to gain access to the full private key, completely bypassing all enterprise security and compliance controls. The attack could have been carried out in two possible scenarios:

  1. A compromised user in the customer organization – In this scenario, the attacker is either a malicious employee or compromised employee computer that has limited transaction signing permission. The user initiates a transaction using the malicious values to acquire the private shard that is held in BitGo's HSM. BitGo's HSM then performs the signing computation using the malicious values, and responds to the compromised user with information that leaks the BitGo key shard. The attacker can now reconstruct the full private key, load it in an external wallet and withdraw the funds immediately or at a later stage.
  2. If BitGo is compromised – In this scenario, an attacker lays in wait for a customer to initiate a transaction, then replies with malicious values that are unbeknownst to the customer. The malicious value is used to sign the transaction with the customer's key share. The attacker can then use the response from the customer to reveal their key share and expose the full private key using BitGo's key shard, all without anyone's knowledge or defense.

While assets have not yet been withdrawn by attackers, it is feasible that private keys of wallets exposed to a similar class of vulnerabilities may have been compromised. As an industry best practice, Fireblocks recommends that users who created ECDSA TSS BitGo wallets prior to the fix date consider creating new wallets and transfer their funds to their new wallets. 

For the full technical analysis of the BitGo Zero Proof Vulnerability, please visit https://www.fireblocks.com/blog/bitgo-wallet-zero-proof-vulnerability

About Fireblocks

Fireblocks is an enterprise-grade platform delivering a secure infrastructure for moving, storing, and issuing digital assets. Fireblocks enables exchanges, lending desks, custodians, banks, trading desks, and hedge funds to securely scale digital asset operations through the Fireblocks Network and MPC-based Wallet Infrastructure. Fireblocks serves thousands of financial institutions, has secured the transfer of over $4 trillion in digital assets, and has a unique insurance policy that covers assets in storage and transit. Some of the biggest trading desks have switched to Fireblocks because it's the only solution that CISOs and Ops Teams both love. For more information, please visit www.fireblocks.com.