The researchers of Unciphereda company specializing in restoring access to crypto walletshave identified a series of very dangerous exploits for those dealing in cryptocurrencies.
We are talking about a series of vulnerabilities in the Libreria BitcoinJS which make it easy for hackers to break in and steal Bitcoin and similar stored in created wallets between 2011 and 2015.
At the time, in fact, the technology adopted in the context of private keys to protect cryptocurrencies it was not as advanced as the current one. In short, for potential attackers, obtaining the keys requires little effort.
Furthermore, the aforementioned library was adopted by many platforms in the sector, which makes long-time investors potentially at risk of attack. The experts at Unciphered, for convenience, called this set of vulnerabilities Randstorm.
In the past, some weak points of the library had been corrected (we are talking about ten years ago), but the very structure of the wallets created in that period seems to be undermined by their use. The phenomenon linked to Randstorm vulnerabilities is far from contained. We talk about several million of Bitcoin wallets at risk, for a total value of approximately 1.4 million BTC.
To get an even more concrete idea of the magnitude of the phenomenon, we speak of approximately one 3-5% of all crypto wallets In circulation. In fact, an irresistible attraction for any type of hacker operating in the sector.
Bitcoin wallet and Randstorm vulnerabilities: how to avoid disasters?
As is evident, we are not talking about a common IT exploit: there are no simple patches to “install” to solve problems related to wallets in danger. Replacing insecure keys is also not a viable option.
The most logical way to follow is to replace the potentially at-risk Bitcoin Wallet by adopting a new one. In this sense, Kaspersky provided some valuable advice for making the transition safely.
First of all, the use of a hardware wallet for long-term storage and a more “classic” wallet if you use cryptocurrencies for daily transactions.
Before carrying out any movements of crypto, it is best to ensure that the devices used, be they PCs or smartphones, are registered protected from possible interference. The presence of trojan o infostealerin fact, can be even more dangerous than the Randstorm vulnerabilities themselves.
Finally, data like the seed phrase they must be stored in safe places, well away from the devices that the user is using to replace the wallet.