A tech entrepreneur’s forgotten Bitcoin password has led to the discovery of a significant security flaw affecting millions of crypto wallets. This revelation, first reported by The Washington Post, underscores the latent risks in the burgeoning digital currency sector.
The entrepreneur’s quest to retrieve $600,000 in Bitcoin led him to Unciphered, experts in recovering locked electronic funds. While they couldn’t access his wallet, their probe revealed a major flaw in BitcoinJS, commonly used for generating wallet cryptographic keys.
Widespread impact on crypto wallet security
This flaw, stemming from insufficiently random key generation, poses a threat to a vast number of wallets. Particularly vulnerable are wallets created before March 2012, which hold an estimated $100m in BTC. Average computer users could potentially hack these devices. Additionally, wallets created up until the end of 2015, containing around $50 billion in BTC, are at risk, with at least 2% of them susceptible due to weak randomness.
Eric Michaud, co-founder of Unciphered, highlighted the gravity of the situation, stating, “BitcoinJS is terribly broken up till March 2014. Anyone directly using it is on the very high end of risk to attack.”
Efforts to mitigate the risk
Following the discovery, Unciphered is alerting the public and urging wallet owners to move their funds to safer storage. They’ve partnered with Blockchain.com to update and notify over 1.1 million users with at-risk wallets.
This event highlights the risks in digital currencies and underscores the need for strong security. As the crypto market grows, vigilant and proactive measures are essential to safeguard investors.