Flaw in Cryptocurrency Wallets Could Be Abused to Steal at Least $1 Billion


If you’re still using a decade-old cryptocurrency wallet to store funds, consider ditching it. Numerous browser-based cryptocurrency wallets can be hacked, thanks to shoddy programming, according to a new warning.

Unciphered is a US company that specializes in breaking into cryptocurrency wallets for which people have lost their seed phrases. During one retrieval attempt, the company discovered that many browser-based cryptocurrency wallets created from 2011 to 2015 contain a vulnerability that can make them easier to hack.

“We have reached out to the vendors that we were able to identify in order to alert them to this issue,” Unciphered says. “As a result of this, over a million users have received alerts advising them that their cryptocurrency wallets are potentially vulnerable.” 

The so-called “Randstorm” vulnerability deals with BitcoinJS, a popular JavaScript library used to generate cryptocurrency wallets. Over a decade ago, BitcoinJS borrowed some vulnerable, open-source code taken from a Stanford University student’s page, according to The Washington Post. The result can prevent the wallets from adding enough randomness when creating the cryptographic keys.

The vulnerable code then persisted in BitcoinJS until March 2014, at which point over a dozen other cryptocurrency wallets and platforms had also incorporated the vulnerable JavaScript library. Some of these projects remain online while others have been dead for years. 

The list of affected vendors (Credit: Unciphered)

Bitcoin has since ballooned in value from $300 per coin to $35,000. Unciphered now estimates that at least $1 billion in Bitcoin and other cryptocurrency assets are stored in vulnerable wallets. 

The company is refraining from providing more details about the flaw to prevent hackers from exploiting it. Still, Unciphered says it wasn’t the first to uncover the Randstorm vulnerability. One anonymous user seems to have reported the problem in 2018, but it went largely unnoticed.  

As a result, Unciphered is urging affected users to take action. “If you’re one of the people who got into bitcoin (or similar) projects early, and you have been watching the value of coins in your wallet rise ever since, now is a good time to generate a new wallet and move them,” the company wrote in an FAQ.
