This updated version enhances the MPC-CMP key generation protection as part of our defense-in-depth process.
The enhanced protection provided here mitigates a specific low-risk attack vector, preventing an attacker from:
- Compromising a Co-Signer machine as well as Co-Signer high-privileges process.
- Overcoming security reinforcement and secure enclave protections.
- Manipulating the key generation process.
- Executing more than 16 maliciously-crafted transactions.
For instructions on how to update your Co-Signer, see Fireblocks Help Center.
Notes:
- Existing workspaces and users are not affected by this flow.
- This version update can be applied as an in-place update.
Impacted products and recommendations
- Fireblocks Saas Co-Signers: Fireblocks updated its Co-Signers with a fix on August 6th.
- Fireblocks Mobile App: Use the latest Fireblocks mobile app when onboarding to a new workspace. A fixed version was released on August 14th for both iOS and Android devices.
- Customer API Co-Signers: You are advised to update your Co-Signer to the latest version in order to mitigate this attacker vector. A fixed version was released on August 14th.
- Hosted MPC Guard Co-Signers: You are advised to update your Co-Signer to the latest version to mitigate this attacker vector. A fixed version was released on August 14th.
- Cold Wallet Mobile App: Existing workspaces and users are not affected. Use the latest Fireblocks offline mobile app when onboarding to a new workspace. A fixed version was released on August 14th.