CVE-2023-33241

Name of the Vulnerable Software and Affected Versions Crypto wallets implementing GG18 or GG20 TSS protocol (affected versions not specified)

Description Crypto wallets using the GG18 or GG20 Threshold Signature Scheme (TSS) protocols are susceptible to an issue where an attacker can extract a full ECDSA private key. This is achieved by injecting a malicious Pallier key and cheating during the range proof. Depending on the Beta parameters used in the implementation, the attack may require 16 or more signatures to fully exfiltrate the private key shares of other parties. A real-world incident involved THORChain, which suffered a $10.7M theft due to a delayed patch deployment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.