A major vulnerability has been found in a Bitcoin wallet's software, potentially putting billions in assets at risk.
- A serious security vulnerability has been discovered in BitcoinJS's software wallet. The flaw relates to the SecureRandom function in the JSBN library and is amplified by weaknesses in the Math.random implementations of major browsers.
- Early Bitcoin users who created a wallet between 2011 and 2015 are particularly at risk. The report suggests that millions of wallets are potentially vulnerable to abuse. The researchers estimate that the potential damage from malicious actors could run into billions of euros.
- After a 22-month investigation, Unciphered notified users of the vulnerability and advised them to transfer their funds to a trusted software wallet.
Funds of millions of users at risk
According to the report, millions of wallets are potentially vulnerable to abuse. Unciphered said that, in cooperation with other parties, it has notified users and advised them to move funds to a trusted software wallet.
Error recognized thanks to a user who no longer had access to his wallet
The flaw was first noticed when a Blockchain.com user lost access to his Bitcoin wallet. This led to an investigation into BitcoinJS's software wallet, which revealed vulnerabilities. Since millions of wallets are involved, the potential damage from malicious actors is expected to run into the billions of dollars.
Vulnerability can cause domino effect
Because several wallet services, such as Dogechain.info and Blockchain.info, have derived their code from BitcoinJS, these wallets are also potentially at risk, so the problems extend beyond Bitcoin.
Researchers say developing software to secure financial assets and personal data is always risky.