- BitGo Zero Proof Vulnerability is what the Fireblocks team has dubbed the flaw.
- The Fireblocks team detailed its discovery of the flaw using a free BitGo mainnet account.
In December 2022, the Fireblocks cryptography research team discovered the vulnerability and informed BitGo of it. BitGo Threshold Signature Scheme (TSS) wallets were susceptible to the flaw, which could have compromised the private keys of the platform’s users, exchanges, banks, and businesses.
Upgrade to Recent Version
The Fireblocks team detailed its discovery of the flaw using a free BitGo mainnet account. The BitGo ECDSA TSS wallet protocol had a flaw that made it vulnerable to a trivial attack because it lacked a required zero-knowledge proof.
Fireblocks demonstrated that there are two ways in which an attacker, whether internal or external, can obtain a complete private key.
Anyone with access to the client side can initiate a transaction to steal a piece of the private key stored in BitGo’s system. Following the signing computation, BitGo would disclose sensitive information that leaks the BitGo key shard.
Although no attacks have been carried out using the reported vulnerability, Fireblocks advised users to consider opening new wallets and transferring funds from ECDSA BitGo wallets before the fix is released.