Researchers at Fireblocks claim they discovered a critical vulnerability in BitGo’s Threshold Signature Scheme (TSS) wallet type used for multi-party computation (MPC). BitGo and FireBlocks are close competitors in the custody and wallet niche targeting institutional clients. 
BitGo promptly took action in December 2022 upon learning of the vulnerability by releasing a patch and fixing the issue, according to a statement from Fireblocks. 
According to Fireblocks’ claims, the vulnerability resulted from a missing implementation of mandatory zero-knowledge proofs in the TSS wallet protocol. This omission could potentially have made it possible for attackers to extract users’ private keys and gain access to their assets, FireBlocks’ report continued. Fireblocks did not say if there has been any loss of user assets because of the vulnerability. 
BitGo’s response
BitGo has criticized Fireblocks’ finding, calling it a “publicity stunt” that attempts to create fear and damage BitGo’s reputation. It stated that the wallet type in question was still in early access and had only been made available to 20 developers. BitGo said it’s is pursuing legal remedies against Fireblocks for false claims.
© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

This article has been originally published at: https://www.theblock.co/post/220804/fireblocks-reported-vulnerability-now-patched-in-bitgo-tss-wallets