Crypto wallet flaw can steal billions from early adopters, startup claims

Cybersecurity startup Unciphered has disclosed a deep security flaw in crypto wallets, which it stumbled upon and says could be used to steal at least $1 billion, and up to $2.1 billion, from traders.

On Tuesday, Unciphered published information on what it calls Randstorm: a vulnerability in web browser-generated self-custody wallets made between 2011 and 2015. Wallets generated by BitcoinJS and derivative projects can be affected because the popular JavaScript library borrowed vulnerable open-source software from a Stanford student over a decade ago.

BitcoinJS was used by many projects in the early 2010s, and some, like BitAddress and Bitco, are still active. Several blockchains can also be affected, including Dogecoin, Litecoin, and Zcash, Unciphered said.

Unciphered has apparently alerted millions of affected users to the crypto wallet flaw. It urges them to immediately transfer assets to a wallet made after 2016.

“If you are an individual who has generated a self-custody wallet using a web browser before 2016, you should consider moving your funds to a more recently created wallet generated by trusted software,” Unciphered recommends.

However, millions more crypto traders haven’t been notified of the risks because their wallets were made at crypto firms that have since flopped.

Details of the crypto wallet flaw remain unknown. Unciphered says that it has decided to keep that information close to its chest in an attempt to dissuade bad actors. However, the Washington Post says that it has seen the team’s process and conclusions.