Approximately 80% of cryptocurrency users are facing risks due to the BitForge vulnerability, which targets major cryptocurrency exchanges such as Binance and Coinbase.
According to SCMP, the digital asset custody and infrastructure company Fireblocks reported that the BitForge vulnerability is impacting 15 providers and the most popular cryptocurrency wallet projects currently. This information was presented at the Black Hat USA conference held in the United States.
Binance’s CEO, Changpeng Zhao, acknowledged the issue on Twitter, stating that the vulnerability has been addressed and assuring users that their funds are not affected. A spokesperson from Coinbase also confirmed that the exchange has resolved the problem.
BitForge targets multi-party computation (MPC) protocols. In cryptocurrency transactions, MPC divides private keys into multiple parts distributed across different devices to limit the risk of exposing the entire key. Theoretically, this enhances the security of digital wallets, but the BitForge vulnerability allows attackers to view the entire key after 16 transactions, occurring within seconds for wallets with frequent transactions. This vulnerability enables cybercriminals to withdraw all funds from users’ wallets.
According to Fireblocks CEO Michael Shaulov, what makes BitForge dangerous is its relatively simple operation, following the principles of most historical cyber attacks. Criminals only need spyware to distribute the virus to users’ devices. One common method is through phishing emails, enticing users to install additional applications or provide personal information.