Select your preference

Anycoin Direct places cookies to ensure the correct and secure use of our platform. It allows us to personalize the website and offer essential features such as the live chat. Select the cookies we can use to improve our services and press the save button to save your selection. If you need more information you can always check out our cookie policy.

View Cookie Policy
These cookies are necessary to offer you a working platform and essential features such as our live chat. No personal information is processed.
These cookies allow us to improve our platform by monitoring general behaviour and usage of the platform. No personal information is processed.
These cookies make it possible for us to keep you up to date on our latest products and offer personalized advertisements.

Potentially billions in crypto at risk due to vulnerability in BitcoinJS wallet

- 5 minute read

Mike Hesp
Mike Hesp

A major vulnerability has been found in a Bitcoin wallet's software, potentially putting billions in assets at risk.

Brief summary:

  1. A serious security vulnerability has been discovered in BitcoinJS's software wallet. This leak relates to the SecureRandom function in the JSBN library and is amplified by weaknesses in the Math.random implementations of major browsers.
  2. Early Bitcoin users who created a wallet between 2011 and 2015 are particularly at risk. The report suggests that millions of wallets are potentially vulnerable to abuse. The researchers estimate that the potential damage from malicious actors could run into billions of euros.
  3. After a 22-month investigation, Unciphered notified users of the vulnerability and advised them to transfer their funds to a trusted software wallet.

Table of Content

  1. Credits of millions of users at risk
  2. Error recognized thanks to a user who no longer had access to his wallet
  3. Vulnerability can cause domino effect

Credits of millions of users at risk

A crucial leak has been found in the software wallet from BitcoinJS . Early Bitcoin users in particular should beware and are advised to move their assets to other wallets. The vulnerability affects users who created a wallet between 2011 and 2015. According to a 22-month study by Unciphered in fact, a vulnerability was found in the SecureRandom function in JSBN's javascript library. This vulnerability is amplified by weaknesses in the Math.random implementations of major browsers, according to the report.

According to the report, millions of Wallets are potentially vulnerable to possible abuse. Unciphered said that in cooperation with other parties, they have notified users and advised them to move funds to and trusted software wallet.

Error recognized thanks to a user who no longer had access to his wallet

The flaw was first noticed when a Blockchain.com user lost access to his Bitcoin wallet. This led to an investigation into BitcoinJS's software wallet, which revealed vulnerabilities. Since millions of wallets are involved, the potential damage from malicious actors is expected to run into the billions of dollars.

According to the report, the security vulnerability is due to the way BitcoinJS, a JavaScript implementation of Bitcoin, used the SecureRandom function in the JSBN library. The vulnerabilities of this function relate to the method of entropy collection and PRNG (pseudo-random number generator), which could potentially allow malicious parties to gain access to the private keys.

Vulnerability can cause domino effect

Because several wallet services have derived their code from BitcoinJS, these walletd are also potentially at risk, such as Dogechain.info and Blockchain.info, so the problems extend beyond Bitcoin.

Researchers say developing software to secure financial assets and personal data is always risky.

To improve your experience as a user and personalize the website we place cookies.