Crypto custody firm Fireblocks reveals ‘BitForge’ vulnerabilities that threatened funds on major exchanges including Binance, Coinbase

The vulnerabilities, dubbed ‘BitForge’, affected users of over 15 widely-used cryptocurrency wallet providers and projects, representing over 80 per cent of the market

The way BitForge could be exploited is easy and ‘follows the way that most attacks happen’, Fireblocks CEO Michael Shaulov tells the Post

Reading Time:3 minutes

An ad for cryptocurrencies in Hong Kong’s Tsim Sha Tsui. Photo: Xiaomei Chen

Published: 10:30pm, 11 Aug 2023Updated: 11:30pm, 11 Aug 2023

A vulnerability in certain cryptocurrency wallets on top exchanges such as Binance and Coinbase had left user funds facing the additional risk of theft, a security firm revealed this week, underscoring ongoing cybersecurity concerns in the industry as global regulators try to rein it in.

The vulnerabilities, dubbed “BitForge”, are affecting 15 widely used cryptocurrency wallet providers and projects, according to digital-asset infrastructure and custody firm Fireblocks, which presented the findings at the Black Hat USA conference on Wednesday.

In a statement, the company said the vulnerabilities were made public following an industry-standard “90-day disclosure period”. US-based Coinbase, which had the issue in its wallet-as-a-service cloud offering, and Israeli wallet operator ZenGo told Fireblocks they had resolved the issue.

Binance founder and CEO Zhao Changpeng also acknowledged the vulnerability in a tweet on Thursday, saying his exchange, the largest in the world by volume, had resolved the issue and that no user funds were affected.

“If left unremediated, the exposures would allow attackers and malicious insiders to drain funds from the wallets of millions of retail and institutional customers in seconds, with no knowledge to the user or vendor,” Fireblocks said.