$2.1B In Crypto Wallets Generated Between 2011 and 2015 Could Be at Risk, Cybersecurity Firm Warns

Jim Haastrup

Key Insights

  • Cybersecurity firm Unciphered has discovered a serious vulnerability called Randstorm that could affect millions of crypto wallets.
  • The Randstorm vulnerability could allow hackers to steal billions of dollars worth of crypto, NFTs, and other assets.
  • The vulnerability is caused by a flaw in an algorithm used to generate private keys for these wallets.
  • Unciphered recommends that users move their funds to more recent wallets.
  • Unciphered is working with the crypto community to tackle Randstorm and to help users secure their funds.

Did you create your browser-based crypto wallet between 2011 and 2015? Read this if you answered yes.

According to reports, a cybersecurity company has recently shed light on a serious vulnerability that could affect millions of crypto wallets that were created between 2011 and 2015.

This vulnerability is called Randstorm.

Apparently, Randstorm is so serious that hackers could potentially break in and steal billions of dollars worth of crypto, NFTs and other assets.

What Is Randstorm And How Does It Work?

Unciphered LLC was the first to draw attention to this vulnerability.

The blockchain security firm, in a recent tweet, mentioned that they found this vulnerability while trying to recover a lost Bitcoin wallet.

Randstorm, the new vulnerability

According to the blog post attached to this tweet, this vulnerability can potentially be used to drain wallets generated by BitcoinJS, a popular package for generating browser-based Bitcoin wallets.

According to Unciphered LLC, there is a flaw in the random number generation (RNG) algorithm this package uses to generate private keys for these wallets.

Unciphered says that the random number generation algorithm was not as secure as expected, and may have produced some weak or predictable private keys.

Attackers with a powerful enough computer, one that can guess billions of private key combinations per second, could simply attack these wallets.

This kind of attack is known as a "brute force" attack.
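
Why a predictable generator matters, as an added illustration (not code from Unciphered or BitcoinJS): a key is only as hard to guess as the randomness that went into it, however long the key itself is. The toy generator, its 32-bit seed and all function names below are assumptions constructed for this example.

```javascript
// Toy key generator, constructed for this example (NOT the BitcoinJS code):
// every byte of the 256-bit key is derived from one 32-bit seed.
function weakKey(seed) {
  let state = seed >>> 0;
  const key = new Uint8Array(32);
  for (let i = 0; i < key.length; i++) {
    // 32-bit linear congruential step; the top byte becomes key material.
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
    key[i] = state >>> 24;
  }
  return key;
}

// Key drawn from the platform CSPRNG (Web Crypto in browsers and Node.js).
function strongKey() {
  const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
  return webcrypto.getRandomValues(new Uint8Array(32));
}

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Whole seconds needed to try every possible generator input at a given rate.
// BigInt keeps 2^256 exact.
function secondsToExhaust(entropyBits, guessesPerSecond) {
  return 2n ** BigInt(entropyBits) / BigInt(guessesPerSecond);
}

function report() {
  const rate = 1_000_000_000; // one billion guesses per second
  return {
    weakRepeats: toHex(weakKey(42)) === toHex(weakKey(42)), // same seed, same key
    weakSeconds: secondsToExhaust(32, rate),    // toy generator: 32 bits of input
    strongSeconds: secondsToExhaust(256, rate), // full 256-bit key space
  };
}

console.log(report());
```

Both keys are 32 bytes long, but the toy generator can only ever produce 2^32 of them, which is why the article's advice is to regenerate keys with trusted software rather than to lengthen them.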

According to Unciphered, this Randstorm vulnerability could be present in millions of crypto wallets, holding around $2.1 billion in crypto assets at current market prices.

Unciphered also says that several chains, including Bitcoin, Dogecoin, Litecoin and Zcash, could be vulnerable to this kind of attack.

Unciphered Shows How Users Can Protect Against Randstorm

Unciphered alerted millions of users who could be potentially affected by Randstorm.

The blockchain security company also advised crypto holders who generated web-based wallets during this timeframe to move their funds to a more recently created wallet generated by trusted software.

Unciphered also warns that not all wallets are affected equally, and some may be more vulnerable than others.

Other than that, Unciphered refused to reveal any more information about how to exploit this vulnerability, so that actual bad actors don't get any ideas.

Unciphered says that it is working hand-in-hand with the crypto community to tackle Randstorm, and to help users secure their funds. The blockchain security company also urged users to report any suspicious activity or transactions related to their wallets.

This comes at a time when the crypto ecosystem is still trying to get over the recent $100 million stolen during the Poloniex hack.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.