Breaking News

Smartstream: The Evolutionary Leap from Process Automation to Full Autonomy How NOTO and Opus Advisory Group Are Unifying Fraud Prevention | NOTO, Opus Advisory Group | The Fintech Show #163 AQMetrics’ Strategy for Unifying Data, Scaling for AI, and Building Trust MPE 2026: G+D Netcetera on the Payment Security Stack Driving Higher Conversion and Lowering Fraud InsurTech NY: Camunda on Smarter Workflows Finastra: What Banks Must Do for 2026 InsurTech NY: Fair on Closing Coverage Gaps InsurTech NY: Teqfocus on Practical AI Moonfare Launches New AI-Focused Technology Strategy Innovating Finance Together Summit Highlights the Power of Collaboration in a Fast-Changing Financial Landscape Lydian Launches Co-Branded Visa Platinum Card, Turning Digital Assets Into Everyday Payments MENA Fintech Association Welcomes Facephi as a Member to Support Digital Identity and Secure Financial Onboarding Across the Region The Family Office Launches Wealth Mermaid, a Pioneering AI Wealth Assistant PayDo Launches New Crypto-to-Fiat Payment Capabilities MoneyHash and Visa Expand Partnership with Multi-Year Partnership to Expand Cybersource Enablement Across Emerging Markets

Home » News » Fintech » Over $70 Billion Assets Saved From Attack Through Discovery of Security Flaws by io.finnet and Kudelski Security

April 19 2023

Over $70 Billion Assets Saved From Attack Through Discovery of Security Flaws by io.finnet and Kudelski Security

Share this post:

io.finnet and Kudelski Security discovered four flaws in the implementation of a popular Threshold Signature Scheme (TSS), a Multi-Party Computing (MPC) protocol commonly used by digital asset custody solutions and multiparty wallets to produce digital signatures that protects assets worth more than $70 Billion.

A Threshold Signature Scheme (TSS) allows a group of individuals to sign a message collectively, as long as a predetermined threshold of those individuals agree to do so. As a result, it is safer and simpler to use in applications involving digital assets. However, sometimes there are issues with the way it’s set up that could give external parties access to restricted data. To fix these problems, software managers need to use updated versions that fix the issues.

“Technology is constantly evolving, and with it come new challenges and risks. However, with the right mindset and tools, we can overcome these challenges and make the digital space a safer place for everyone. We are committed to advancing security and privacy, and are always looking for partnerships with individuals that share the same values.” said Luke Plaster, Chief Crypto Officer at io.finnet, who leads digital assets initiatives.Kudelski Security and io.finnet discovered vulnerabilities in the protocols, related to the TSS techniques, that could have been exploited by malicious parties to cause a security breach. TSS techniques are primarily used in programming languages such as Go and Rust, to execute functions quickly and securely.

“TSS-Lib,” an MIT-licensed Go programming language implementation of the protocols, is one of the better known libraries that was affected. In collaboration with MPC Alliance, io.finnet decided to inform the involved parties about the issues and provided solutions to fixing them. The team chose to keep the affected parties private but provided the causes, impact and solution to prevent similar issues in the future.

The full details have been made public through Mitre’s CVE database. The issues have been given special numbers to allow individuals to identify them. These issues have been assigned the following CVE numbers: [CVE-2022-47930], [CVE-2022-47931], [CVE-2023-26556] and [CVE-2023-26557]. You can learn more on io.finnet blog and Kudelski’s here.

Affected parties are encouraged to get in touch with io.finnet, Kudelski Security, or the MPC Alliance for advice if they need further assistance.

People In This Post

Luke Plaster

io.finnet

Companies In This Post

io.finnet

Kudelski Security

Share this post:

Smartstream: The Evolutionary Leap from Process Automation to Full Autonomy

Fintech TV

Read more
How NOTO and Opus Advisory Group Are Unifying Fraud Prevention | NOTO, Opus Advisory Group | The Fintech Show #163

Episodes

Read more
AQMetrics’ Strategy for Unifying Data, Scaling for AI, and Building Trust

Enterprise Ireland

Read more
MPE 2026: G+D Netcetera on the Payment Security Stack Driving Higher Conversion and Lowering Fraud

Event Videos 2026

Read more
InsurTech NY: Camunda on Smarter Workflows

Insurtech

Read more

Innovating Finance Together Summit Highlights the Power of Collaboration in a Fast-Changing Financial Landscape

Finastra’s inaugural Innovating Finance Together Summit, held in London, brought together more than 200 financial services professionals

Top Story

MENA Fintech Association Welcomes Facephi as a Member to Support Digital Identity and Secure Financial Onboarding Across the Region

Facephi joins MENA Fintech Association at a time when financial institutions across the Middle East are accelerating digital transformation

Top Story

CFIT Coalition Shows Financial Health Tools Could Unlock £5bn in SME Lending

CFIT has launched its latest report with a path to improving access to finance for UK SMEs - the backbone of the UK economy.

Top Story

ABHI Partners with GCC Exchange to Enable Instant Wage Access and Seamless Remittances Across the UAE

GCC Exchange, a leading name in remittance and foreign exchange services across the region, has announced a strategic partnership with Abhi Middle East Limited, one of the MENAP region’s neobanks of the future and SME-lending fintech, backed by Hub71 and Abu Dhabi Investment Office. This collaboration is designed to enable UAE-based workers with real-time access to their earned wages, alongside efficient and reliable cross-border remittance services.

Top Story

CTBC USA Chooses Narmi for Strategic Digital Banking Initiatives

Narmi, a leading digital banking platform provider for banks and credit unions, today announced that CTBC Bank USA has selected Narmi to support the bank's future digital banking initiatives.

Top Story

Clear Street Expands European Market Access with MiFID II License in the Netherlands

Clear Street ("Clear Street" or "the Company"), a cloud-native financial infrastructure technology firm on a mission to give every sophisticated investor access to every asset in every market, today announced it has received authorization from the Netherlands Authority for the Financial Markets (AFM) to operate as an investment firm. The authorization marks a significant milestone in Clear Street's global expansion and establishes a licensed operating presence in the European Economic Area (“EEA”), which represents 27 European Union countries plus Norway, Iceland and Liechtenstein. This effort complements the Company's existing operations in the United Kingdom.

Top Story

Proximus Global and Vilja Partner to Launch Embedded WhatsApp Services for Emerging Banks in Southeast Asia

Proximus Global, the leading international communications enabler, has partnered with Vilja, the cloud‑native core banking platform, to deliver embedded WhatsApp capabilities to emerging banks across Southeast Asia. The collaboration aims to help rural and cooperative banks expand access to digital financial services across Indonesia, Malaysia, and the Philippines.