Decrypt reports in Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets. that:
The cryptography research team at blockchain infrastructure provider Fireblocks today released the details of a vulnerability in BitGo’s Ethereum wallets that use the firm’s Threshold Signature Scheme(TSS). They indicate the now-patched vulnerability could have enabled an attacker to extract a full private key, bypassing all of BitGo’s security features.
The response from BitGo indicates this was not all it was cut out to be. See Bitgo’s views at: Our Response to Fireblock’s Claims. This post reads in part:
The most recent blog posted by Fireblocks engineering team is a competitor trying to drum up unnecessary fear, turning a known gap into a publicity stunt during a time our industry should really be working together against headwinds. The specific MPC wallet type in question is in early access and remains in early access, only unlocked for 20 developers.
Unlike other crypto infrastructure providers that build black box solutions, BitGo open sources key components of our technology and encourages developers around the world to test our latest implementations. Our APIs and SDKs are accessible to all. Anyone (including engineers at competing firms) can create a BitGo developer account and conduct test transactions in TestNet and MainNet. BitGo will continue to embrace open source review as a critical part of the security process. To this day, Fireblocks refuses to make its software open source or embrace public scrutiny of their implementations.
Bitgo’s post concludes with:
The published blog includes a litany of false claims intended to damage BitGo’s reputation, as well as BitGo’s actual and potential commercial relationships. BitGo is currently pursuing all legal remedies, including but not limited to damages, injunctive relief, court costs and attorneys fees. All rights are reserved.
