Fireblocks, a digital asset security platform, discovered a critical vulnerability in BitGo's Threshold Signature Scheme (TSS) wallets, putting the private keys of its users at risk of exposure to potential hacks.

BitGo utilizes TSS wallets to improve security by distributing partial private key information across multiple parties as one of its offerings. 

BitGo, a cryptocurrency custody firm, promptly suspended the affected wallet service in December 2022 upon learning of the vulnerability, dubbed the "BitGo Zero Proof Vulnerability," according to a media release from Fireblocks. The company then released a patch in February 2023 to address the flagged issue and informed clients to update their systems by March 17.

According to Fireblocks' researchers, the vulnerability resulted from a missing implementation of mandatory zero-knowledge proofs in the TSS wallet protocol. This omission could potentially have made it possible for attackers to extract users' private keys and gain access to their assets. Fireblocks did not say if there has been any loss of user assets because of the vulnerability. 

"The vulnerability is a result of the wallet provider failing to follow a well-reviewed cryptographic standard,” said Idan Ofrat, co-founder and CTO at Fireblocks.

Fireblocks added it worked closely with BitGo to resolve the vulnerability and improve the security of its wallet services.

BitGo did not immediately respond to a request for comment.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。