Gridlock responds to vulnerabilities reported by Fireblocks

The Strength of Gridlock Wallet Amid Recent Cryptography Concerns

22 Aug 2023

Recent cybersecurity vulnerabilities have sparked questions about the safety of certain types of crypto storage methods. An issue was recently discovered with some of the most advanced methods of storing cryptocurrencies, which could potentially allow an attacker to gain access to a user's funds. Today, we want to reassure our users and explain why Gridlock Wallet remains safe and secure against these vulnerabilities.

Cryptography concerns – simplified

Fireblocks recently released an article detailing potential problems with GG20 MPC cryptography, a technology used by Gridlock to secure your assets. To understand why Gridlock is unaffected by the issue with the GG20 MPC protocol, let's first break down the potential risk scenarios using simple terminology. For a more in-depth explanation and detailed mathematics, you can review Fireblocks’ blog post

Scenario 1: The Insider Threat

This risk scenario suggests a possibility where a malicious actor could exploit a specific vulnerability during the wallet creation - a limited window of time. If this person has sophisticated technical knowledge and harmful intent, they could potentially manipulate the system to secure unauthorized access to digital assets. 

Notably, this actor would need to manipulate the communication with other parties in the MPC storage network to cause them to inadvertently reveal information about the jointly-owned private key. If the attacker is able to convince all parties to attempt to create the same wallet 16 times, they would be able to collect enough information to define the private key. 

Scenario 2: The Excessive Transaction Threat

In the second scenario, a massive volume of transactions ranging from hundreds of thousands to even billions could theoretically enable an attacker to gather enough information to compromise your digital assets. 

An attacker would need to be an active participant in your storage network with a share of the encryption key and persuade all other participants to cooperate in an abnormally high and suspicious number of transactions, triggering noticeable alerts.

a digital globe surrounded by blockchain network nodes and a shield and lock in the center

Gridlock's resilience: How our defenses stack up against the MPC vulnerability

Despite potential threats, Gridlock's robust structure works to mitigate these potential risks, providing users with bulletproof security and peace of mind.

Network trust advantage with Gridlock neutralizes the Insider Threat

The Gridlock security features that protect wallet holders from Scenario #1 (Insider Threats) center around the uniqueness of Gridlock's storage model. To understand the difference, let’s first cover how MPC protocols are commonly used.

The best cutting-edge crypto applications are built on multi-party computation (MPC) technology because it is the best path technology available for blockchain-based improvements. These MPC protocols often involve unknown participants interacting with each other. It's within these networks that the recently identified threats can pose real challenges.

With Gridlock, however, the picture is quite different. Our system is built on a semi-trust model, where all participants, called Guardians, are chosen by the user. Instead of unknown entities, the Guardians of your digital assets are your friends or family members (Social Guardians) or reliable companies you generally trust (Partner Guardians). But at the same time, you do not have to put full trust in any one person or entity, not even yourself!

The likelihood of attacks is significantly reduced. After all, the chances of a trusted friend deciding to exploit a vulnerability to compromise your assets are extremely low. With this distinct advantage, our model makes these potential vulnerabilities much less of a concern for our users.

By allowing users to establish a trusted network of Guardians, Gridlock's model instills an additional layer of security, reducing the potential for infiltration by a rogue actor, and thereby providing you with safer, more dependable storage for your digital assets.

Regardless of the high improbability of this type of attack on Gridlock, we have already patched the vulnerability making the threat impossible. 

Guarding against transaction overload

In light of Scenario #2, the Excessive Transaction Threat, it's essential to note that executing such an attack on Gridlock's system is nearly impossible. While some systems are vulnerable due to their reliance on continuous communication between participants, Gridlock is distinctively designed to function without this constant interchange, greatly reducing this threat.

Gridlock's robust design makes it incredibly challenging for any attacker to gain consensus from all Guardians, especially for an abnormally high number of transactions. Additionally, our architecture inherently counters the environment that's most conducive for this kind of attack.

While our design alone provides a formidable defense against transaction overload, we've further fortified our system by patching this potential vulnerability, ensuring its irrelevance.

Gridlock’s unique model is the future of crypto storage

Gridlock logo

Gridlock operates on a multi-party model with a minimum of five participants by default – a unique feature in the crypto storage world. The consensus of several Guardians is required to approve transactions, yet each Guardian operates independently. 

  • Individual Guardians can detect suspicious activities, like an abnormally high volume of transactions, signaling an attack. This means that the protection of your digital assets grows stronger with each added Guardian.
  • The Guardians in your storage network utilize different storage mediums and perspectives. They can spot and alert potential issues that others may miss. 
  • With Gridlock's MPC, no one Guardian holds too much power. A threshold number must agree before transactions are approved. Not just one, but several of your Guardians. Our approach removes the risk of single ownership and delivers a balanced, robust security strategy.

The collaboration of your chosen Guardians, coupled with the minimum 5-participant requirement, forms an impenetrable defense against possible extensive transaction attacks. Users enjoy multi-layered protection while maintaining full control over their digital assets, reinforcing Gridlock's standing as the best choice for secure crypto and NFT storage.

Download Gridlock today and strengthen your Guardian network while enjoying a robust defense system and a team dedicated to leading-edge crypto security. 

- - -

Written by Mason Winsed

a7 (1).jpg

Mason Winsed simplifies blockchain for the people. With a comp-sci background and a passion for crypto safety, he's your go-to for straight-forward crypto wisdom. In his off time, he's coding or gaming. Join Mason for a no-nonsense crypto talk.

Don't miss out on new features and special events