While the crypto community is still weathering the effects of the recent $100 million Poloniex hack, another cybersecurity threat that could affect billions worth of crypto assets has been discovered by a team of blockchain security experts.
On Nov. 14, cybersecurity company Unciphered released information on a vulnerability that it called “Randstorm,” which it claims affects millions of crypto wallets that were generated using web browsers from 2011 to 2015.
Today we release our work on Randstorm: a vulnerability affecting a significant number of browser generated cryptocurrency wallets https://t.co/CebdytNaC6
Reporting @washingtonpost https://t.co/OzYDq2tH4W
Technical write-up: https://t.co/HPqjtaX1CA #Bitcoin #blockchain pic.twitter.com/aN7CZh9sv4
— Unciphered LLC (@uncipheredLLC) November 14, 2023
According to the firm, while working to retrieve a Bitcoin (BTC) wallet, it discovered a potential issue for wallets generated by BitcoinJS and derivative projects. The issue could affect millions of wallets and around $2.1 billion in crypto assets, according to the cybersecurity company.
The firm also believes that multiple blockchains and projects could be affected. Apart from BTC, the company highlighted that Dogecoin (DOGE), Litecoin (LTC) and Zcash (ZEC) wallets could also potentially contain the vulnerability.
In addition, the company said that millions have already received an alert about the problem. For those using crypto wallets generated within the 2011 to 2015 time frame, the company recommends transferring their assets to wallets generated more recently. It wrote:
“If you are an individual who has generated a self-custody wallet using a web browser before 2016, you should consider moving your funds to a more recently created wallet generated by trusted software.”
While the company said that not all impacted wallets are affected equally, it also confirmed that the vulnerability is exploitable. However, the company did not provide any details about exploiting the vulnerability to avoid providing more information to bad actors in the space.