Potentially billions in crypto at risk due to vulnerability in BitcoinJS wallet
- 5 minute read
A major vulnerability has been found in a Bitcoin wallet's software, potentially putting billions in assets at risk.
Brief summary:
- A serious security vulnerability has been discovered in BitcoinJS's software wallet. This leak relates to the SecureRandom function in the JSBN library and is amplified by weaknesses in the Math.random implementations of major browsers.
- Early Bitcoin users who created a wallet between 2011 and 2015 are particularly at risk. The report suggests that millions of wallets are potentially vulnerable to abuse. The researchers estimate that the potential damage from malicious actors could run into billions of euros.
- After a 22-month investigation, Unciphered notified users of the vulnerability and advised them to transfer their funds to a trusted software wallet.
Table of Content
- Credits of millions of users at risk
- Error recognized thanks to a user who no longer had access to his wallet
- Vulnerability can cause domino effect
Credits of millions of users at risk
A crucial leak has been found in the software wallet from BitcoinJS . Early Bitcoin users in particular should beware and are advised to move their assets to other wallets. The vulnerability affects users who created a wallet between 2011 and 2015. According to a 22-month study by Unciphered in fact, a vulnerability was found in the SecureRandom function in JSBN's javascript library. This vulnerability is amplified by weaknesses in the Math.random implementations of major browsers, according to the report.
According to the report, millions of Wallets are potentially vulnerable to possible abuse. Unciphered said that in cooperation with other parties, they have notified users and advised them to move funds to and trusted software wallet.
Error recognized thanks to a user who no longer had access to his wallet
The flaw was first noticed when a Blockchain.com user lost access to his Bitcoin wallet. This led to an investigation into BitcoinJS's software wallet, which revealed vulnerabilities. Since millions of wallets are involved, the potential damage from malicious actors is expected to run into the billions of dollars.
According to the report, the security vulnerability is due to the way BitcoinJS, a JavaScript implementation of Bitcoin, used the SecureRandom function in the JSBN library. The vulnerabilities of this function relate to the method of entropy collection and PRNG (pseudo-random number generator), which could potentially allow malicious parties to gain access to the private keys.
Vulnerability can cause domino effect
Because several wallet services have derived their code from BitcoinJS, these walletd are also potentially at risk, such as Dogechain.info and Blockchain.info, so the problems extend beyond Bitcoin.
Researchers say developing software to secure financial assets and personal data is always risky.