Fireblocks, a prominent player in the crypto security realm, identified vulnerabilities in several widely used multi-party computation (MPC) protocols. This raised concerns across the industry given the reliance on MPC for wallet security.
Nash would like to emphasize to our community that we are safe from this attack. We used a standard approach of the Lindell17 signing routine in our implementation. While Fireblocks does mention this approach has a vulnerability, it is not new. In fact, this vulnerability was noted in the original paper and has been addressed since the first release of the Nash MPC Wallet.
With the Fireblocks vulnerability, an attacker must perform upwards of 200 incorrect signatures in order to decipher the full private key material. The original paper notes that a system should stop signing if and when a single incorrect signature is received.
We've thoroughly examined our system and haven't identified any attempted breaches. Although we have already implemented extra layers of security to prevent the mentioned exploit, we're taking this chance to conduct a comprehensive review and enhance our system's resilience.
Going forward, all assets will now be automatically frozen after a single incorrect signature request. This adjustment is solely a technical safety enhancement and will not disrupt the user experience on our platform.
We would also like to highlight that even with the mentioned vulnerability, MPC remains the superior choice for security of crypto wallets. It offers a more robust defense against attacks than storing private key material directly on client devices, which are susceptible to a significantly larger range of external threats. Further detail on Nash’s MPC implementation can be found on our blog.
We're grateful to have such a security-conscious community and that you trust us with your business. Our team is focused on building the most resilient, secure system and best possible self-custody wallet. We’re excited for you to join us on the journey.
For those interested in a deep dive on the Fireblocks vulnerability, an up-to-date version of the paper is available here.