Key highlights:
- The company found that nearly all TSS applications are vulnerable to acute recovery attacks and identified key extraction attacks in the MPC protocol.
- Verichains tested cross-chain asset management and non-custodial key infrastructure of many popular wallets, extracting full private keys without leaving a trace, and believes that over $8bn of total value locked (TVL) is at risk.
- The company is urging platforms and projects that rely on ECDSA to prioritize implementing robust security measures.
Verichains is a leading blockchain security solutions provider specializing in perimeter security, code audits, cryptanalysis, and incident investigation. Investigating threshold ECDSA security since October 2022, Verichains found that nearly all Threshold Signature Schemes (TSS) applications are vulnerable to key recovery attacks. Today, they found critical Key Extraction Attacks in TSS, the Multi-Party Computing (MPC) protocol.
Leading security firms run TSSs through multiple audits but fail to detect the security problems Verichains found. TSS is a cryptographic protocol that allows a group of parties to create a signature on a message without revealing their private keys. Blockchain technology ensures the security and availability of funds with this application. With TSS, funds are decentralized and controlled by a distributed group of signers who collaborate to authorize transactions.
Multi-Party Computing (MPC) system, in which TSS is used as a protocol, is used by many large financial and blockchain institutions to secure digital assets. These institutions include Fireblocks, Binance, Revolut, BNY Mellon, ING, Coinbase, and others. Many institutions implement MPC protocols for threshold ECDSA based on GG18, GG20, and CGGMP21 algorithms.
Over $8 Billion TVL Endangered
Verichains created proof of concept attacks on cross-chain asset management and non-custodial key infrastructure of many popular wallets in its tests. They extracted the full private key without leaving a trace in the attacks and appearing innocent to other parties. The company states that at least $8 billion worth of TVL is at risk.
Thanh Nguyen, Verichains Co-Founder and former CPU Security Leader at Intel, said, “Verichains has a strong commitment to responsible vulnerability disclosure, and we take care and considered steps when disclosing attacks, especially given the wide range of impacted projects and significant user funds at risk.”
The team is urging platforms and projects that rely on ECDSA to prioritize implementing robust security measures. They are ready to help to ensure the safety of the platforms. Notifying potential applications that could be affected by the attacks, Verichains will release details of the test attacks once the vulnerabilities are mitigated.
Founded in 2017, the company has helped investigate and fix security issues in the most prominent crypto attacks, including Ronin Bridge and BNB Bridge. In December 2022, Verichains first discovered Private Key Extraction Vulnerability in fastMPC’s Secure Multi-Party Client of Multichain.
