While the crypto community is still weathering the effects of the recent $100-million Poloniex hack, another cybersecurity threat that could affect billions worth of crypto assets has been discovered by a team of blockchain security experts.
On Nov. 14, cybersecurity company Unciphered released information on a vulnerability that they called “Randstorm,” which they claim to affect millions of crypto wallets that were generated from 2011 to 2015.
Today we release our work on Randstorm: a vulnerability affecting a significant number of browser generated cryptocurrency wallets https://t.co/CebdytNaC6
— Unciphered LLC (@uncipheredLLC) November 14, 2023
Reporting @washingtonpost https://t.co/OzYDq2tH4W
Technical write-up: https://t.co/HPqjtaX1CA #Bitcoin #blockchain pic.twitter.com/aN7CZh9sv4
According to the firm, while working to retrieve a Bitcoin (BTC) wallet for a customer, they discovered a potential issue for wallets generated by BitcoinJS and derivative projects. The issue could possibly affect millions of wallets and around $2.1 billion in crypto assets, according to the cybersecurity company.
The firm also believes that multiple blockchains and projects could be affected. Apart from BTC, the company highlighted that Dogecoin (DOGE), Litecoin (LTC) and Zcash (ZEC) wallets could also potentially contain the vulnerability.
Related: Hackers claim to have stolen user data from defunct crypto ATM firm Coin Cloud
In addition, the company said that millions have already received an alert about the problem. For those who are using crypto wallets generated within the 2011 to 2015 time frame, the company recommends transferring their assets to wallets that were generated more recently. They wrote:
“If you are an individual who has generated a self-custody wallet using a web browser before 2016, you should consider moving your funds to a more recently created wallet generated by trusted software.”
While the company said that not all impacted wallets are affected equally, it also confirmed that the vulnerability is exploitable. However, the company did not provide any details about the exploitation of the vulnerability to avoid providing more information to bad actors in the space.
Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story