Fireblocks’ second annual user conference, SPARK ‘23, saw nearly 600 attendees representing over 300 companies in the digital asset and crypto space. Kicking off the conference was the welcome reception, which featured a spectacular drone show. The display set the tone for what SPARK is about – innovation and community. The conference empowers customers to maximize the full potential of the Fireblocks platform while forging new alliances with fellow leaders.

On December 14, 2023, the Ledger Connect Kit was compromised, allowing attackers to drain users’ wallets on dozens of decentralized apps. Fireblocks’ customers were not impacted by the attack. Fireblocks dApp Protection, the latest security feature in our DeFi solution, detected and prevented customers from unknowingly interacting with the impacted dApps.

Today, Fireblocks is launching Off Exchange – a new solution that enables trading firms and asset managers to trade on centralized exchanges from an on-chain MPC shared wallet, eliminating exchange counterparty risks.

The Fireblocks research team has released an experimental open-source Chrome extension for the verification of token balances on block explorers and portfolio websites. The extension is the first real-world application on Ethereum which utilizes trustless light client technology, and is a step forward in our commitment to continuously advance blockchain security.

CherryBlos is a rather interesting family of Android malware that can plunder your cryptocurrency accounts - with a little help from your photos.

Since the start of Bitcoin in 2009, the popularity and prevalence of cryptocurrencies has exploded, resulting in a net worth of over $1 trillion that continues to grow. Cryptocurrency—held in virtual wallets—is obtained by users who purchase coins on a cryptocurrency exchange, receive coins as payment from someone else, or “mine” coins virtually themselves.

The Fireblocks research team recently uncovered an ERC-4337 Account Abstraction vulnerability in the smart contract wallet UniPass. Fireblocks worked with UniPass to fully mitigate the vulnerability, which was found in hundreds of mainnet wallets in a whitehat operation. All funds are now safe and accounted for.

On October 18, security researcher Zemnmez began the process of responsibly disclosing a "Use of Weak Hash" vulnerability that they found in crypto-js, an open source JavaScript library of crypto standards, for which maintenance has been discontinued. The vulnerability also impacts the crypto-es package (for ES6 and TypeScript), and the researcher has opened a similar issue requesting that the maintainers enable private disclosures.