Crypto infrastructure firm Fireblocks has revealed it had discovered a zero proof critical vulnerability in BitGo's implementation of the Ethereum self-managed wallet.
Subscribe to our Telegram channel to get daily short digests about events that shape the crypto world
In a blog post, the New York-headquartered firm said the vulnerability potentially allowed an attacker to steal the secret share held by BitGo or the client in the TSS protocol.
"The vulnerability allows an attacker to extract the full ECDSA private key from BitGo Ethereum TSS wallets using a single signature and a few seconds of computation, bypassing all of BitGo security features," Fireblocks said.
The blockchain firm noted it had reached out to the BitGo security team and notified of the vulnerability. BitGo patched the vulnerability with the latest available version. It is unclear if the vulnerability was exploited by hackers.
In August 2022, crypto venture firm Galaxy Digital decided not to buy BitGo for $1.2 billion. In response, BitGo sued Galaxy Digital, seeking more than $100 million in damages. The firm said the venture firm made "intentional breach" of the acquisition agreement.
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange