The Fireblocks cryptography research team has uncovered BitForge – a series of zero-day vulnerabilities in some of the most widely adopted implementations of multi-party computation (MPC) protocols, including GG-18, GG-20, and Lindell17.
...
In our ongoing effort to advance MPC security in the field of cryptography, the Fireblocks research team analyzed dozens of publicly available MPC protocols and wallet providers. In doing so, the team uncovered zero-day vulnerabilities in implementations used by more than 15 digital asset wallet providers, blockchains, and open-source projects, that would allow an attacker with privileged access to drain funds from wallets. In some implementations, the attack will only take seconds, with no knowledge to the user or vendor.

With the vast amount of closed implementations, we recommend that businesses check with their providers directly or visit the BitForge Status Checker to learn more.

---

The BitForge vulnerabilities, if left unremedied, would enable attackers to exploit a newly discovered flaw in the GG18 and GG20 protocols by exfiltrating the full private key due to a missing zero-knowledge proof. The Lindell17 protocol vulnerability stems from wallet providers’ deviating from the academic paper, creating a backdoor for attackers to expose part of the private key when signing fails. The exploits were validated on major open-source implementations, and a working POC was built on the open libraries.

Does BitForge impact all wallet providers that use MPC?

No, BitForge only impacts MPC wallet providers that utilize the GG-18, GG-20, and Lindell17 protocols.

Even if your provider is using another MPC protocol, it is important to ensure they undergo regular code audits and have the cryptography resources to immediately patch security vulnerabilities.

---

What does BitForge mean for the security of MPC?

The security and concept of MPC remains intact. The vulnerabilities identified are affecting specific implementations of MPC, and not the overarching concept itself.

When security flaws and vulnerabilities are found, every software and cryptographic protocol must be thoroughly audited and tested, and teams must have a plan in place to address security issues in a timely fashion.

The BitForge vulnerability does not reflect the security of MPC as a technology. The vulnerabilities identified are affecting specific implementations of MPC, and not the overarching concept itself.

---

Why does each wallet provider have a different implementation of the same MPC protocol?

Not all MPC protocols and implementations are created equal. Proficiency in implementation and the ability to manage and resolve vulnerability issues to protect users vary widely, as does the security level of different MPC implementations.

---

Have the vulnerabilities been exploited and if so, how recently?

As far as we know, the vulnerabilities have not been exploited. However, if an attacker was stealing a private key, it would be impossible to know until they move funds to a new wallet.

As part of the responsible disclosure process, Fireblocks provided the industry-standard 90-day notice to all identified providers before publishing the findings from the BitForge vulnerabilities.