
Unciphered highlights $2.1 billion risks in BitcoinJS wallets
More than 1 million wallets created with BitcoinJS and its derivatives between 2011 and 2015 contain the Randstorm vulnerability, which could lead to them being hacked and to the loss of the $2.1 billion held on them, according to Unciphered.
Today we release our work on Randstorm: a vulnerability affecting a significant number of browser generated cryptocurrency wallets https://t.co/CebdytNaC6
Reporting @washingtonpost https://t.co/OzYDq2tH4W
Technical write-up: https://t.co/HPqjtaX1CA #Bitcoin #blockchain pic.twitter.com/aN7CZh9sv4
— Unciphered LLC (@uncipheredLLC) November 14, 2023
Beyond Bitcoin, wallets for Dogecoin, Litecoin and ZCash could also be at risk.
The software vendor notified owners of the need to move crypto assets from old addresses.
In the report, experts noted that BitcoinJS wallets are easy to set up, which has given them a large share of the market. The easiest to hack are those created before March 2012.
According to experts, the vulnerability stems from the SecureRandom() function in the JSBN JavaScript library (used until March 2014), in combination with weaknesses in core browser implementations of Math.random().
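As an added JavaScript sketch (not JSBN or BitcoinJS code), the following shows why key material drawn from a non-cryptographic generator is repeatable, next to a version that refuses to run without a CSPRNG. The silent fallback, the `env` object, `makeWeakRandom` (a constructed 32-bit LCG standing in for an old Math.random()) and both key functions are assumptions made for illustration.

```javascript
// Added illustration only: simplified, not JSBN or BitcoinJS source.
const webcrypto = globalThis.crypto || require('crypto').webcrypto;

// Constructed stand-in for a non-cryptographic Math.random(): a 32-bit LCG.
// Everything it outputs is fixed by its 32-bit seed.
function makeWeakRandom(seed) {
  let state = seed >>> 0;
  return () => {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
    return state / 0x100000000;
  };
}

// Weak pattern (assumed): use the CSPRNG when present, else silently fall back.
function legacyKeyBytes(n, env) {
  const out = new Uint8Array(n);
  if (typeof env.getRandomValues === 'function') return env.getRandomValues(out);
  for (let i = 0; i < n; i++) out[i] = Math.floor(env.random() * 256);
  return out;
}

// Hardened pattern: fail closed when no CSPRNG is available.
function hardenedKeyBytes(n, env) {
  if (typeof env.getRandomValues !== 'function') {
    throw new Error('no CSPRNG available; refusing to generate key material');
  }
  return env.getRandomValues(new Uint8Array(n));
}

const toHex = (bytes) => Buffer.from(bytes).toString('hex');

function demo() {
  // Hypothetical environments: one without a CSPRNG, one with.
  const oldBrowser = () => ({ random: makeWeakRandom(2012) });
  const modern = { getRandomValues: (buf) => webcrypto.getRandomValues(buf) };
  const a = toHex(legacyKeyBytes(32, oldBrowser()));
  const b = toHex(legacyKeyBytes(32, oldBrowser()));
  let refused = false;
  try { hardenedKeyBytes(32, oldBrowser()); } catch (e) { refused = true; }
  const c = toHex(hardenedKeyBytes(32, modern));
  const d = toHex(hardenedKeyBytes(32, modern));
  return { repeatable: a === b, refused, csprngDiffers: c !== d, hexLen: c.length };
}

console.log(demo());
```

The 256-bit output of `legacyKeyBytes` carries no more entropy than the generator state behind it, which is why wallets created this way need their funds moved to freshly generated addresses.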
In October, losses from hacker attacks stemming from 23 incidents fell to $51 million — down 85.6% from a month earlier.
Later, analyst ZachXBT reported a crypto wallet breach worth $27 million.