A warning issued this week points to vulnerabilities inherent in many of the web-based cryptocurrency wallets used today. According to the report, flaws in the programming mean these wallets can be hacked and user funds stolen as a result. The moral of the story, according to the report, is that storing funds on web-based wallets is risky and that if you are storing a sizeable amount of crypto on them, you should consider alternative forms of storage that do not rely on a third party.
New Vulnerabilities Discovered with Multiple Crypto Wallets
Unciphered is the company that issued the warning and specializes in helping people break into crypto wallets when the seed phrase has been lost. Though they issued a warning, Unciphered has not done any full-length studies. The warning was issued because of a recent discovery made while attempting to recover a wallet. During this attempt, it was discovered that crypto wallets created between 2011 and
In a statement, Unciphered said, “We have reached out to the vendors that we were able to identify in order to alert them to this issue. As a result of this, over a million users have received alerts advising them that their cryptocurrency wallets are potentially vulnerable.”
The vulnerability is being labeled “Randstorm” and is connected to BitcoinJS, a JavaScript library used to create many of the cryptocurrency wallets in use today. “Randstorm” wallets are inherently vulnerable because the BitcoinJS library used borrowed open-source code. Open-source code, as its name implies, can be accessed and used by anyone, including hackers. The code has been proven not to use enough randomness when creating the crypto keycodes used for accessing online wallets. This creates a situation where hackers can guess crypto keys much more quickly than they would be able to otherwise. Newer wallets, by comparison, utilize source code that integrates higher levels of randomness and additional layers of security.
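To make the randomness point concrete, here is an added example (not code from Unciphered or BitcoinJS, and not the actual Randstorm flaw, whose details the report withholds). It compares 32-byte keys whose only entropy is a small seed with keys drawn from the operating system's CSPRNG. The toy generator, the 12-bit seed space and all function names are assumptions chosen for illustration.

```javascript
// Added illustration: constructed toy generator, not BitcoinJS code.
const { randomBytes } = require('node:crypto');

const SEED_BITS = 12; // assumed, deliberately tiny seed space (4096 values)

// Hypothetical weak PRNG: deterministic, so its whole output depends only on the seed.
function toyPrng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// 32-byte "key" whose only entropy is the seed, however long the output is.
function weakKey(seed) {
  const next = toyPrng(seed & ((1 << SEED_BITS) - 1));
  const bytes = Array.from({ length: 32 }, () => Math.floor(next() * 256));
  return Buffer.from(bytes).toString('hex');
}

// 32-byte key taken from the operating system CSPRNG.
function strongKey() {
  return randomBytes(32).toString('hex');
}

// Generate n keys and count how many are distinct (the effective keyspace seen).
function countDistinct(makeKey, n) {
  const seen = new Set();
  for (let i = 0; i < n; i++) seen.add(makeKey(i));
  return seen.size;
}

const N = 20000;
console.log('weak generator, distinct keys:', countDistinct(weakKey, N));
console.log('CSPRNG, distinct keys:', countDistinct(() => strongKey(), N));
```

The weak generator can never produce more distinct keys than it has seeds, so a 256-bit key is only as strong as the randomness that fed it.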
Unciphered is refraining from releasing to the public more details about how, exactly, this vulnerability can be exposed. In fact, Unciphered is not even the first group to call attention to the Randstorm vulnerability. Back in 2018, an anonymous user online pointed out the flaws, but this warning went largely unheeded by the crypto community. Unciphered went on to tell users that if “you’re one of the people who got into bitcoin (or similar) projects early, and you have been watching the value of coins in your wallet rise ever since, now is a good time to generate a new wallet and move them.” In essence, if you have had Bitcoin, Ethereum, or any number of crypto assets in the affected wallets, you have more than likely made a sizeable amount of money given the rise in these assets’ value over the past 10 years. As such, it is in your best interest to protect these monetary gains and move your crypto assets to safer online wallets or, alternatively, cold storage that entirely removes your crypto from any online, hackable database or system.