Abstract. In this paper, we show that the certificateless signature scheme proposed by Yap, Heng and Goi at SecUbiq 2006 is insecure against a key replacement attack and a malicious-but-passive KGC attack, respectively. The former implies that anyone who replaces a signer's public key can forge valid signatures for that signer without knowledge of the signer's private key. The latter supposes the malicious-but-passive KGC, which generates system parameters based on the information of the target user to impersonate. Our results are based on the fact that the private key of the YHG scheme has the form of a BLS multisignature generated by the KGC and the user. Finally, we review the vulnerability of several certificateless signature schemes under theses attacks.