More in detail
The vulnerability primarily affects wallets generated between 2011 and 2015 with BitcoinJS, and with the many crypto projects that incorporated its code during that period.
- According to Unciphered, the cryptocurrency recovery company that disclosed the flaw, Randstorm can be exploited because the random values produced at wallet creation (the wallet GUID and the key material derived alongside it) carry only about 32 to 64 bits of randomness rather than a full-strength random value.
- A search space that small is within reach of an attacker: the number of candidate values shrinks from the order of a trillion to the order of several thousand, so affected wallets are susceptible to brute-force attacks.
- While the vulnerability is exploitable, the effort required varies from wallet to wallet and rises considerably with the wallet's creation date.
- Researchers found that wallets generated in 2014 were markedly harder to attack than those generated in 2012.
- At least 15 vendors are affected, including Blockchain.info (since renamed Blockchain.com), Dogechain.info, BitGo, and BitPay together with its Bitcore library.
- Litecoin and Zcash wallets may also be affected by the flaw.
- Many GitHub projects that incorporated BitcoinJS during the affected time frame could also be vulnerable to cyberattacks.
Individuals holding assets in affected wallets should move them to a newly generated wallet created with well-vetted software. Vendors should audit their code bases and the wider BitcoinJS ecosystem for copies of the vulnerable library to confirm that users' keys and funds are not exposed.