Fireblocks Vulnerability and Nash MPC
August 16, 2023

Fireblocks Vulnerability and Nash MPC

Graphic illustrating the idea of security in relation to the Fireblocks Vulnerability and Nash MPC.

Fireblocks, a prominent player in the crypto security realm, identified vulnerabilities in several widely-used multi-party computation (MPC) protocols. This raised concerns across the industry given the reliance on MPC for wallet security.  

Nash would like to emphasize to our community that we are safe from this attack. We used a standard approach of the Lindell17 signing routine in our implementation. While Fireblocks does mention this approach has a vulnerability, it is not new. In fact, this vulnerability was noted in the original paper and has been addressed since the first release of the Nash MPC Wallet. 

With the Fireblocks vulnerability an attacker must perform upwards of 200 incorrect signatures in order to decipher the full private key material. The original paper notes that a system should stop signing if and when a single incorrect signature is received.

We've thoroughly examined our system and haven't identified any attempted breaches. Although we have already implemented extra layers of security to prevent the mentioned exploit, we're taking this chance to conduct a comprehensive review and enhance our system's resilience. 

Going forward, all assets will now be automatically frozen after a single incorrect signature request. This adjustment is solely a technical safety enhancement and will not disrupt the user experience on our platform.

We would also like to highlight that even with the mentioned vulnerability, MPC remains the superior choice for security of crypto wallets. It offers a more robust defense against attacks than storing private key material directly on client devices which are susceptible to a significantly larger range of external threats. Further detail on Nash’s MPC implementation can be found on our blog.

We're grateful to have such a security conscious community and that you trust us with your business. Our team is focused on building the most resilient, secure system and best possible self-custody wallet. We’re excited for you to join us on the journey.

For those interested in a deep dive on the Fireblocks vulnerability, an up to date version of the paper is available here

Tom
Read more posts by this author.
All Posts

Compliance and Registration

Nash was the first Crypto Platform in Europe registered by the Financial Market Authority (FMA) of Liechtenstein. Nash is also registered with the De Nederlandsche Bank N.V. (DNB).
Icon illustration representing a book with transparent background.

Industry Leading Security

Nash’s Crypto Platform and Investment App uses state-of-the art, audited security measures and is fully non-custodial.
What makes Nash so safe
Icon illustration of a shield representing security on a transparent background.
Trustpilot logo icon
YouTube logo iconTwitter logo iconTelegram logo iconLinkedIn logo iconInstagram logo iconFacebook logo icon
Rates may vary over time. Crypto-powered earnings on Nash are not covered by any deposit guarantee schemes like bank savings accounts and involve risks unique to the underlying technologies: (i) Exploitations of the smart contracts used; (ii) Forex fluctations between your national currency and the US dollar, which underlies crypto earnings assets; (iii) USD stablecoins losing their peg. 
Nash is a trademark of Neon Exchange Aktiengesellschaft. Neon Exchange Aktiengesellschaft is an exchange bureau registered with the FMA of Liechtenstein (TT Exchange Service Provider Nr. 261096 as defined by the Token- und VT-Dienstleister-Gesetz / TVTG, 3 October 2019)
Nash Exchange B.V. is registered with De Nederlandsche Bank N.V. (DNB) as a provider of crypto services. DNB conducts supervision and monitors Nash Exchange B.V.’s compliance with the Money Laundering and Terrorist Financing Prevention Act and the Sanctions Act 1977. Nash Exchange B.V. is not under the prudential supervision of DNB nor under business conduct supervision of the AFM. This means there is no supervision of financial requirements or business risks and no specific consumer financial protections.
Neon Exchange Aktiengesellschaft is a partner of Modulr Finance B.V., a company registered in the Netherlands with company number 81852401, which is authorised and regulated by the Dutch Central Bank (DNB) as an Electronic Money Institution (Firm Reference Number: R182870) for the issuance of electronic money and payment services. Your account and related payment services are provided by Modulr Finance B.V. Your funds will be held in one or more segregated accounts and safeguarded in line with the Financial Supervision Act – for more information please see this link.
Neon Exchange Aktiengesellschaft also provides fiat-crypto exchange services. These are separate and unrelated to the account and payment services you receive from Modulr Finance B.V.