A critical vulnerability, dubbed “Randstorm,” has been identified by cybersecurity firm Unciphered, posing a significant threat to millions of cryptocurrency wallets. This vulnerability impacts wallets created using web browsers from 2011 to 2015, potentially affecting around $2.1 billion in crypto assets.
The discovery and impact of Randstorm
While attempting to retrieve a Bitcoin wallet, Unciphered discovered the flaw, which originates from BitcoinJS and its derivative projects. This vulnerability could compromise millions of wallets, including those holding Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), and Zcash (ZEC). The firm’s analysis suggests that the issue is not confined to a single blockchain but could span across multiple projects.
Unciphered has urged individuals with wallets generated within the specified timeframe to transfer their assets to newer wallets, created with trusted software post-2016. The company has alerted millions of users about this threat. While the vulnerability’s exploitation details remain undisclosed to prevent aiding malicious actors, the firm confirms that the risk is actionable.
In the wake of the $100 million Poloniex hack, the crypto community faces another significant cybersecurity challenge with the discovery of the “Randstorm” vulnerability. This threat, identified by cybersecurity experts at Unciphered, affects millions of cryptocurrency wallets generated using web browsers between 2011 and 2015.
Scope and severity of Randstorm
During efforts to retrieve a Bitcoin wallet, Unciphered stumbled upon a potential widespread issue rooted in BitcoinJS and similar projects. This vulnerability is estimated to impact approximately $2.1 billion in crypto assets. Cryptocurrencies like Bitcoin, Dogecoin, Litecoin, and Zcash, which were stored in wallets created during the specified period, are potentially at risk.
Unciphered’s discovery has led to an immediate response, advising individuals who used web browsers to generate self-custody wallets before 2016 to move their funds to newer wallets. This precautionary step is crucial, considering the vulnerability’s exploitability. However, the company has refrained from detailing the exploitation methods to prevent providing a roadmap for cybercriminals.