Researchers at Fireblocks claim in a report they detected a critical vulnerability in BitGo's Threshold Signature Scheme (TSS) wallet type used for multi-party computation (MPC).
According to Fireblocks' allegations, the said vulnerability resulted from a missing implementation of mandatory zero-knowledge proofs in the TSS wallet protocol.
Fireblocks also claimed and demonstrated in the report that the vulnerability allowed them to extract the private key of a BitGo TSS wallet on the Ethereum mainnet.
BitGo and FireBlocks compete in providing custody and wallet services to institutional clients.
BitGo has criticized Fireblocks' finding, calling it a "publicity stunt" that attempts to create fear and damage BitGo's reputation. It claimed that the wallet type in question was still in early access and had only been made available to 20 developers. BitGo added it was pursuing legal remedies against Fireblocks.
"None of our clients were using this type of wallet to store their assets. Because the wallet was in an early-access phase, it’s only available to 20 developers who are fully aware of the risks of using it, and several of those 20 developers are BitGo employees and contributors," a BitGo spokesperson said.
BitGo claimed that the issue had already been documented in their open-source code on GitHub and was publicly known before Fireblocks had flagged it.
The article was updated to add comments from BitGo.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.