Bitcoin Wallets Created Before 2016 May Be Vulnerable – Billions at Risk?

cryptonews.com:

The US-based cybersecurity firm Unciphered has warned users globally that their bitcoin (BTC) wallets created before 2016 may be in danger – as are billions in BTC.

Early crypto adopters and participants in a number of blockchain platforms between 2011-2015 may be affected by a major threat.

Over the last 22 months, Unciphered says, the team has been working on a vulnerability that affected BitcoinJS, a package for the browser-based generation of crypto wallets.

As the package was very popular, the vulnerability caused the generation of “a significant number “of vulnerable crypto wallets over the years.

The post details that, in January of 2022, Unciphered found the flaw when it worked for a customer locked out of a Blockchain.com (previously Blockchain.info) bitcoin wallet.

According to Unciphered’s website,

“By our estimates approximately 1.4M BTC are sitting in wallets that were generated with potentially weak cryptographic keys. If we conservatively estimate that only 3-5% of wallets generated during that time were affected, the current value of coins at risk is between 1.2 – 2.1Billion USD (assuming 1 BTC=$30,000).”

A number of experts have been warning about it since 2018, they added.

The issue has been named Randstorm.

Per Unciphered’s website,

“Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine to dramatically reduce the quality of random numbers produced by web browsers of a certain era (2011-2015).”

Meaning, they’re not quite as random as they should be.

At this time, the team will not provide more details on the exploitation of this vulnerability. This is done to give owners time to move their funds and avoid providing