Cybersecurity experts at Unciphered have uncovered a critical vulnerability in browser-based cryptocurrency wallets, potentially jeopardizing over a million users and at least $1 billion in assets.
Dubbed the ‘Randstorm’ flaw, this security lapse plagues wallets developed between 2011 and 2015, sounding a warning to those clinging to decade-old digital storage solutions.
The flaw is rooted in the BitcoinJS library, a widely used JavaScript tool for generating cryptocurrency wallets. Shockingly, the vulnerability traces back to code borrowed over a decade ago from a Stanford University student’s page. That code lacks the necessary randomness, which undermines the security of the cryptographic keys generated with it.
Unciphered, a US-based firm specializing in cryptocurrency wallet retrievals, has taken action by alerting vendors and users about the vulnerability. Their proactive measures have reached over a million users, cautioning them about potential threats to their cryptocurrency holdings.
Bitcoin’s meteoric rise in value, from $300 to $35,000 per coin, underscores the urgency of addressing this flaw. With an estimated $1 billion in Bitcoin and other assets at stake, users are urged to migrate to more secure wallets and embrace advanced technologies to protect their digital wealth. As the cryptocurrency landscape evolves, ensuring the security of digital assets remains paramount.