top partner

for CFD

Crypto cybersecurity firm Unciphered has unearthed a decade-old crypto wallet bug affecting browser-based wallets generated between 2011 and 2015.

The bug may allow nefarious actors to steal up to $2.1 billion from wallets on various networks, including Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), and Zcash (ZEC).

Discovering An Ancient Bug

In an interview with the Wall Street Journal, the Unciphered team explained that they’d accidentally discovered the bug during a failed attempt to recover an early investor’s $600,000 in lost Bitcoin (BTC).

The entrepreneur, Nick Sullivan, created his Bitcoin wallet back in 2014 using the website (since renamed to Later, he accidentally lost access to his coins after wiping his computer’s memory without remembering to record his wallet’s private key.

At Sullivan’s request, Unciphered began searching for Sullivan’s coins in January 2022. Though they ultimately lacked enough information to get them back, they realized in the process that’s code for creating random wallet keys – BitcoinJS – did not make all of its wallets random enough.

“BitcoinJS is terribly broken up till March 2014,” said Unciphered co-founder Eric Michaud. “Anyone directly using it is on the very high end of risk to attack.”

Another wallet site,, also used BitcoinJS, leaving many old Dogecoin users exposed to the same vulnerability.

Unciphered claims that wallets made before March 2012 contain $100 million in assets that could easily be hacked by a home computer user. Another $50 billion is held in wallets created between then and 2015, of which at least $500 million is vulnerable.

Cryptographers discovered flaws in wallet generation randomness back in 2014, and improved their methods since. Unciphered said it hadn’t discovered any wallets generated after 2016 suffering from weak randomness.

How to Tell Victims?

Unciphered came public with the vulnerability this week, but has been quietly warning affected users that their assets are at risk for months.

The challenge was convincing millions of victims to move their funds without revealing the vulnerability to thieves who would otherwise leverage it to steal coins.

Unciphered ultimately decided to go to the biggest site responsible for generating such wallets that might be in a position to discretely notify affected users. That site ended up being the one Sullivan used –

The site sent out emails to holders of over 1.1 million affected wallets and found a way to automatically update the wallets of anyone who visited its site.

“In crypto, you need to be pretty skeptical of people who call with something that sounds dramatic, because there are so many scammers,” President Lane Kasselman said regarding Unciphered’s warning. “It was unclear who they were and what the scope of it was.”

Many affected users still haven’t been warned directly since the sites they used to create their wallets are now out of business.

The post Old Crypto Wallet Bug Puts $2.1 Billion At Risk: Unciphered appeared first on CryptoPotato.

Read the full story: Read More“>

Blog powered by G6

Disclaimer! A guest author has made this post. G6 has not checked the post. its content and attachments and under no circumstances will G6 be held responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from your use of or inability to use this website or any websites linked to it, or from your reliance on the information and material on this website, even if the G6 has been advised of the possibility of such damages in advance.

For any inquiries, please contact [email protected]