Big Board Alerts

November 15, 2023
Millions of crypto wallets at risk due to overlooked code flaw

A tech entrepreneur’s forgotten Bitcoin password has led to the discovery of a significant security flaw affecting millions of crypto wallets. This revelation, first reported by The Washington Post, underscores the latent risks in the burgeoning digital currency sector.

The entrepreneur’s quest to retrieve $600,000 in Bitcoin led him to Unciphered, experts in recovering locked electronic funds. While they couldn’t access his wallet, their probe revealed a major flaw in BitcoinJS, commonly used for generating wallet cryptographic keys.

Widespread impact on crypto wallet security

This flaw, stemming from insufficiently random key generation, poses a threat to a vast number of wallets. Particularly vulnerable are wallets created before March 2012, which hold an estimated $100m in BTC. Average computer users could potentially hack these devices. Additionally, wallets created up until the end of 2015, containing around $50 billion in BTC, are at risk, with at least 2% of them susceptible due to weak randomness.

Eric Michaud, co-founder of Unciphered, highlighted the gravity of the situation, stating, “BitcoinJS is terribly broken up till March 2014. Anyone directly using it is on the very high end of risk to attack.”

Efforts to mitigate the risk

Following the discovery, Unciphered is alerting the public and urging wallet owners to move their funds to safer storage. They’ve partnered with to update and notify over 1.1 million users with at-risk wallets.

This event highlights the risks in digital currencies and underscores the need for strong security. As the crypto market grows, vigilant and proactive measures are essential to safeguard investors.

The post Millions of crypto wallets at risk due to overlooked code flaw appeared first on ReadWrite.


Latest Articles


By submitting this form on our website, you agree that we may collect and use your personal information for marketing, and for other purposes as set forth in our privacy policy, which we encourage you to review.