The vulnerability would have exposed BitGo wallet user’s private key with a simple attack.
The Fireblocks cryptography team notified BitGo of the vulnerability on December 5, and after confirming the technical details, BitGo suspended its vulnerable service on December 10. In February, BitGo released a patch for the vulnerability, and required its clients to update to the latest version by March 17.
“As attacks on the crypto industry continue to accelerate, licensed custodians are entrusted with securing billions of dollars in user funds. The vulnerability is a result of the wallet provider failing to follow a well-reviewed cryptographic standard,” said Idan Ofrat, Co-founder and CTO at Fireblocks. “The explosive growth of digital assets in the last few years, both in numbers of users and transaction volumes, has made it extremely lucrative for hackers to target this space. Fireblocks’ mission is to help the industry increase its resilience and security, and our research team is proud to assist qualified custodians so that they may ensure the security of their code and offerings.”
The vulnerability, which the Fireblocks team proved was exploitable via a free BitGo account on Mainnet, is a result of a missing implementation of mandatory zero-knowledge proofs in the BitGo ECDSA TSS wallet protocol, making it easy to expose the private key through a simple attack. All enterprise-grade digital asset custody platforms rely on either multi-party-computation (MPC/TSS) or multi-signature technology to eliminate a single point of compromise by distributing the private key between multiple users and parties, in order to ensure security controls even if one of the parties is compromised. The BitGo Zero Proof vulnerability allows any party, including internal and external attackers, to gain access to the full private key, completely bypassing all enterprise security and compliance controls. The attack could have been carried out in two possible scenarios:
1. A compromised user in the customer organization – In this scenario, the attacker is either a malicious employee or compromised employee computer that has limited transaction signing permission. The user initiates a transaction using the malicious values to acquire the private shard that is held in BitGo’s HSM. BitGo’s HSM then performs the signing computation using the malicious values, and responds to the compromised user with information that leaks the BitGo key shard. The attacker can now reconstruct the full private key, load it in an external wallet and withdraw the funds immediately or at a later stage.
2. If BitGo is compromised – In this scenario, an attacker lays in wait for a customer to initiate a transaction, then replies with malicious values that are unbeknownst to the customer. The malicious value is used to sign the transaction with the customer’s key share. The attacker can then use the response from the customer to reveal their key share and expose the full private key using BitGo’s key shard, all without anyone’s knowledge or defense.
While assets have not yet been withdrawn by attackers, it is feasible that private keys of wallets exposed to a similar class of vulnerabilities may have been compromised. As an industry best practice, Fireblocks recommends that users who created ECDSA TSS BitGo wallets prior to the fix date consider creating new wallets and transfer their funds to their new wallets.
For the full technical analysis of the BitGo Zero Proof Vulnerability, please visit https://www.fireblocks.com/blog/bitgo-wallet-zero-proof-vulnerability
Fireblocks is an enterprise-grade platform delivering a secure infrastructure for moving, storing, and issuing digital assets. Fireblocks enables exchanges, custodians, banks, trading desks, and hedge funds to securely scale digital asset operations through patent-pending SGX & MPC technology. They have secured the transfer of over $3 trillion in digital assets and have a unique insurance policy that covers assets in storage & in transit. For more information, please visit www.fireblocks.com.