Gemini releases details of hardware vulnerability that could compromise bitcoin secret keys

FinTech | July 21, 2015 By:

Gemini CSO Cem Paya released details of a vulnerability he encountered that allows attackers to brute-force secret keys from SafeNet’s brand of hardware security modules, or ‘HSMs’.

“Bitcoin is the one payment technology where possession of money can be boiled down to pure cryptographic capability: generating a signature with an ECDSA private key is money. If you lose control of that private key, you lose the ability to spend your funds, plain and simple,” said Cem paya.

While testing the SafeNet Luna G5 for use in the forthcoming exchange’s cold storage, Paya discovered a design flaw in its software that meant both public and private keys could be extracted – even though they are designed never to leave the device. Clients using any of Safenet’s three HSMs to manage their bitcoin keys would be at risk.

Gemini is a bitcoin exchange based in New York city.