zhonglinlynn/fireblocks-zengo-lindell17-exploit-poc

ZenGo Lindell17 Exploit PoC

This repo contains working exploit code that exfiltrates the private key share from a victim using ZenGo's Lindel17 MPC protocol implementation.

Build and run

unzip gotham-city.zip
cd gotham-city/integration-tests
cargo test -- --nocapture

Notable changes

The most interesting parts of the PoC are in the following files inside gotham-city.zip:

• gotham-city/integration-tests/tests/ecdsa.rs
• gotham-city/two-party-ecdsa/src/party_two.rs (in the compute function)

Affected Libraries

• https://github.com/ZenGo-X/gotham-city (server)
• https://github.com/ZenGo-X/multi-party-ecdsa (protocol)

The library was patched: https://github.com/ZenGo-X/gotham-city/releases/tag/v1.0.0