该安全公司敦促那些使用 2011 年至 2015 年生成的钱包的人将其资产转移到最近生成的加密钱包。
While the crypto community is still weathering the effects of the recent $100-million Poloniex hack, another cybersecurity threat that could affect billions worth of crypto assets has been discovered by a team of blockchain security experts.
虽然加密社区仍在承受最近 1 亿美元的 Poloniex 黑客攻击的影响,但区块链安全专家团队发现了另一个可能影响价值数十亿美元加密资产的网络安全威胁。
On Nov. 14, cybersecurity company Unciphered released information on a vulnerability that they called “Randstorm,” which they claim to affect millions of crypto wallets that were generated from 2011 to 2015.
11 月 14 日,网络安全公司 Unciphered 发布了有关他们称之为“Randstorm”的漏洞的信息,他们声称该漏洞影响了 2011 年至 2015 年生成的数百万个加密钱包。
Today we release our work on Randstorm: a vulnerability affecting a significant number of browser generated cryptocurrency wallets https://t.co/CebdytNaC6
Reporting @washingtonpost https://t.co/OzYDq2tH4W
Technical write-up: https://t.co/HPqjtaX1CA #Bitcoin #blockchain pic.twitter.com/aN7CZh9sv4今天,我们发布了有关 Randstorm 的工作:影响大量浏览器生成的加密货币钱包的漏洞 https://t.co/CebdytNaC6 报告@washingtonpost https://t.co/OzYDq2tH4W 技术文章:https://t. co/HPqjtaX1CA #Bitcoin #blockchain pic.twitter.com/aN7CZh9sv4
— Unciphered LLC (@uncipheredLLC) November 14, 2023- Unciphered LLC (@uncipheredLLC) 2023 年 11 月 14 日
According to the firm, while working to retrieve a Bitcoin (BTC) wallet for a customer, they discovered a potential issue for wallets generated by BitcoinJS and derivative projects. The issue could possibly affect millions of wallets and around $2.1 billion in crypto assets, according to the cybersecurity company.
据该公司称,在努力为客户找回比特币(BTC)钱包时,他们发现了 BitcoinJS 和衍生项目生成的钱包存在潜在问题。据该网络安全公司称,该问题可能会影响数百万个钱包和约 21 亿美元的加密资产。
The firm also believes that multiple blockchains and projects could be affected. Apart from BTC, the company highlighted that Dogecoin (DOGE), Litecoin (LTC) and Zcash (ZEC) wallets could also potentially contain the vulnerability.
该公司还认为多个区块链和项目可能会受到影响。除了 BTC 之外,该公司强调,狗狗币 (DOGE)、莱特币 (LTC) 和 Zcash (ZEC) 钱包也可能包含该漏洞。
Related: Hackers claim to have stolen user data from defunct crypto ATM firm Coin Cloud
相关:黑客声称从已解散的加密 ATM 公司 Coin Cloud 窃取了用户数据
In addition, the company said that millions have already received an alert about the problem. For those who are using crypto wallets generated within the 2011 to 2015 time frame, the company recommends transferring their assets to wallets that were generated more recently. They wrote:
此外,该公司表示,数百万人已经收到有关该问题的警报。对于那些使用 2011 年至 2015 年期间生成的加密钱包的人,该公司建议将其资产转移到最近生成的钱包。他们写:
“If you are an individual who has generated a self-custody wallet using a web browser before 2016, you should consider moving your funds to a more recently created wallet generated by trusted software.”“如果您是在 2016 年之前使用网络浏览器生成自我托管钱包的个人,您应该考虑将资金转移到由可信软件生成的最近创建的钱包。”
While the company said that not all impacted wallets are affected equally, it also confirmed that the vulnerability is exploitable. However, the company did not provide any details about the exploitation of the vulnerability to avoid providing more information to bad actors in the space.
虽然该公司表示并非所有受影响的钱包都受到同样的影响,但它也证实该漏洞是可利用的。然而,该公司没有提供有关利用该漏洞的任何详细信息,以避免向该领域的不良行为者提供更多信息。
Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story
杂志:爆米花罐中价值 3.4B 美元的比特币:丝绸之路黑客的故事
资料来源:https://thebittimes.com/cybersecurity-team-claims-up-to-2-1b-in-crypto-stored-in-old-wallets-are-at-risk-tbt70339.html