Randstorm flaw endangers millions of cryptocurrency wallets

February 28, 2024

The open-source software vulnerability called Randstorm has raised concerns among crypto users since it endangers millions of browser-based cryptocurrency wallets with a severe security threat.

This flaw, present in version 0.13 of BitcoinJS, a widely used JavaScript library for generating cryptocurrency wallets, has exposed users to the potential theft of over $1 billion in digital assets.

The Randstorm vulnerability, discovered by an advanced cryptocurrency recovery company, primarily impacts various crypto projects and blockchains created using BitcoinJS between 2011 and 2015.

The root of the issue lies in the 32- to 64-bit GUID wallet numbers generated during the wallet creation process. Because the odds of guessing one of these numbers are roughly one in several thousand rather than the far more secure one in a trillion, the affected wallets are prone to dictionary or brute-force attacks.

However, the effort required to exploit this vulnerability varies: attacking wallets generated in 2014 is notably harder than attacking those generated in 2012.

The Randstorm flaw could potentially compromise some of the most used cryptocurrency platforms globally.

According to investigations, the Randstorm flaw could impact at least 15 of the most prominent vendors in the cryptocurrency landscape. The wallets confirmed as potentially affected are Blockchain.info (now Blockchain.com), Dogechain.info, Bitgo, Bitcore by BitPay, and BitPay.

In addition, Litecoin and Zcash wallets are potentially at risk, widening the scope of the threat. GitHub projects that integrated BitcoinJS during the susceptible timeframe may also be vulnerable to cyberattacks, posing an extensive challenge to the cryptocurrency community.

As a precaution, individuals with assets in the affected wallets should transfer their funds to newly generated wallets created with more trusted software. Simultaneously, vendors should conduct thorough audits of the GitHub library and the BitcoinJS ecosystem to ensure the security of users’ sensitive information and financial assets.

This alarming vulnerability puts the cryptocurrency community in a bad spot. Hence, crypto users should apply proactive measures and improve their awareness to protect their digital assets against theft.

The Randstorm flaw is one of the newer threats that could endanger cryptocurrency assets. Everyone holding such assets should therefore be vigilant and apply security practices that protect their funds.
