Cybersecurity startup Unciphered has unveiled a deep security flaw in crypto wallets that it stumbled upon, that it says has the potential to steal at least $1 billion from traders and up to $2.1 billion.
BitcoinJS was used by many projects in the early 2010s — some are still active, like BitAddress and Bitco. Several blockchains can also be affected, including Dogecoin, Litecoin, and Zcash, Unnciphered said.
Unciphered has apparently alerted millions of affected users to the crypto wallet flaw. It urges them to immediately transfer assets to a wallet made after 2016.
“If you are an individual who has generated a self-custody wallet using a web browser before 2016, you should consider moving your funds to a more recently created wallet generated by trusted software,” Unciphered recommends.
However, millions more crypto traders haven’t been notified of the risks because their wallets were made at crypto firms that have since flopped.
Details of the crypto wallet flaw remain unknown. Unciphered says that it has decided to keep that information close to its chest in an attempt to dissuade bad actors. However, the Washington Post says that it has seen the team’s process and conclusions.