該安全公司敦促那些使用 2011 年至 2015 年生成的錢包的人將其資產轉移到最近生成的加密錢包。
While the crypto community is still weathering the effects of the recent $100-million Poloniex hack, another cybersecurity threat that could affect billions worth of crypto assets has been discovered by a team of blockchain security experts.
雖然加密社群仍在承受最近 1 億美元的 Poloniex 駭客攻擊的影響,但區塊鏈安全專家團隊發現了另一個可能影響價值數十億美元加密資產的網路安全威脅。
On Nov. 14, cybersecurity company Unciphered released information on a vulnerability that they called “Randstorm,” which they claim to affect millions of crypto wallets that were generated from 2011 to 2015.
11 月 14 日,網路安全公司 Unciphered 發布了有關他們稱之為「Randstorm」的漏洞的訊息,他們聲稱該漏洞影響了 2011 年至 2015 年生成的數百萬個加密錢包。
Today we release our work on Randstorm: a vulnerability affecting a significant number of browser generated cryptocurrency wallets https://t.co/CebdytNaC6
Reporting @washingtonpost https://t.co/OzYDq2tH4W
Technical write-up: https://t.co/HPqjtaX1CA #Bitcoin #blockchain pic.twitter.com/aN7CZh9sv4今天,我們發布了有關Randstorm 的工作:影響大量瀏覽器產生的加密貨幣錢包的漏洞https://t.co/CebdytNaC6 報告@washingtonpost https://t.co/OzYDq2tH4W 技術文章:https://t . co/HPqjtaX1CA #Bitcoin #blockchain pic.twitter.com/aN7CZh9sv4
— Unciphered LLC (@uncipheredLLC) November 14, 2023- Unciphered LLC (@uncipheredLLC) 2023 年 11 月 14 日
According to the firm, while working to retrieve a Bitcoin (BTC) wallet for a customer, they discovered a potential issue for wallets generated by BitcoinJS and derivative projects. The issue could possibly affect millions of wallets and around $2.1 billion in crypto assets, according to the cybersecurity company.
據該公司稱,在努力為客戶找回比特幣(BTC)錢包時,他們發現了 BitcoinJS 和衍生項目生成的錢包有潛在問題。據該網路安全公司稱,該問題可能會影響數百萬個錢包和約 21 億美元的加密資產。
The firm also believes that multiple blockchains and projects could be affected. Apart from BTC, the company highlighted that Dogecoin (DOGE), Litecoin (LTC) and Zcash (ZEC) wallets could also potentially contain the vulnerability.
該公司還認為多個區塊鏈和項目可能會受到影響。除了 BTC 之外,該公司強調,狗狗幣 (DOGE)、萊特幣 (LTC) 和 Zcash (ZEC) 錢包也可能包含漏洞。
Related: Hackers claim to have stolen user data from defunct crypto ATM firm Coin Cloud
相關:駭客聲稱從已解散的加密 ATM 公司 Coin Cloud 竊取了用戶數據
In addition, the company said that millions have already received an alert about the problem. For those who are using crypto wallets generated within the 2011 to 2015 time frame, the company recommends transferring their assets to wallets that were generated more recently. They wrote:
此外,該公司表示,數百萬人已經收到有關該問題的警報。對於使用 2011 年至 2015 年期間產生的加密錢包的人,該公司建議將其資產轉移到最近產生的錢包。他們寫:
“If you are an individual who has generated a self-custody wallet using a web browser before 2016, you should consider moving your funds to a more recently created wallet generated by trusted software.”“如果您是在 2016 年之前使用網絡瀏覽器生成自我託管錢包的個人,您應該考慮將資金轉移到由可信任軟體生成的最近創建的錢包。”
While the company said that not all impacted wallets are affected equally, it also confirmed that the vulnerability is exploitable. However, the company did not provide any details about the exploitation of the vulnerability to avoid providing more information to bad actors in the space.
雖然該公司表示並非所有受影響的錢包都受到相同的影響,但它也證實該漏洞是可利用的。然而,該公司沒有提供有關利用該漏洞的任何詳細信息,以避免向該領域的不良行為者提供更多資訊。
Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story
雜誌:爆米花罐中價值 3.4B 美元的比特幣:絲路駭客的故事
資料來源:https://thebittimes.com/cybersecurity-team-claims-up-to-2-1b-in-crypto-stored-in-old-wallets-are-at-risk-tbt70339.html