{"id":87066,"date":"2023-11-15T13:21:49","date_gmt":"2023-11-15T11:21:49","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=87066"},"modified":"2025-09-13T09:27:55","modified_gmt":"2025-09-13T06:27:55","slug":"unciphered-highlights-2-1-billion-risks-in-bitcoinjs-wallets","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/unciphered-highlights-2-1-billion-risks-in-bitcoinjs-wallets\/","title":{"rendered":"Unciphered highlights $2.1 billion risks in BitcoinJS wallets"},"content":{"rendered":"<p>More than 1 million wallets created with BitcoinJS and its derivatives between 2011 and 2015 contain the Randstorm vulnerability, which could lead to hacking and the loss of $2.1 billion held in them, according to Unciphered.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Today we release our work on Randstorm: a vulnerability affecting a significant number of browser generated cryptocurrency wallets <a href=\"https:\/\/t.co\/CebdytNaC6\">https:\/\/t.co\/CebdytNaC6<\/a> <\/p>\n<p>Reporting <a href=\"https:\/\/twitter.com\/washingtonpost?ref_src=twsrc%5Etfw\">@washingtonpost<\/a> <a href=\"https:\/\/t.co\/OzYDq2tH4W\">https:\/\/t.co\/OzYDq2tH4W<\/a><\/p>\n<p>Technical write-up: <a href=\"https:\/\/t.co\/HPqjtaX1CA\">https:\/\/t.co\/HPqjtaX1CA<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Bitcoin?src=hash&#038;ref_src=twsrc%5Etfw\">#Bitcoin<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/blockchain?src=hash&#038;ref_src=twsrc%5Etfw\">#blockchain<\/a> <a href=\"https:\/\/t.co\/aN7CZh9sv4\">pic.twitter.com\/aN7CZh9sv4<\/a><\/p>\n<p>\u2014 Unciphered LLC (@uncipheredLLC) <a href=\"https:\/\/twitter.com\/uncipheredLLC\/status\/1724434280183455919?ref_src=twsrc%5Etfw\">November 14, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Beyond Bitcoin, wallets for Dogecoin, Litecoin and ZCash could also be at risk.<\/p>\n<p>The software vendor notified owners of the 
need to move crypto assets from old addresses.<\/p>\n<p>In the report, experts noted that BitcoinJS wallets are easy to set up, which has given them a large share of the market. The easiest to hack are those created before March 2012.<\/p>\n<p>According to experts, the vulnerability stems from the SecureRandom() function in the JSBN JavaScript library (used until March 2014), in combination with weaknesses in core browser implementations of Math.random().<\/p>\n<p>In October, losses from hacker attacks stemming from 23 incidents <a href=\"https:\/\/forklog.com\/en\/news\/report-october-losses-from-hacks-and-scams-fall-to-51-million\">fell to $51 million<\/a> \u2014 down 85.6% from a month earlier.<\/p>\n<p>Later, analyst ZachXBT <a href=\"https:\/\/forklog.com\/en\/news\/expert-reports-27-million-crypto-wallet-hack\">reported<\/a> a crypto wallet breach worth $27 million.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unciphered: more than 1 million BitcoinJS wallets created between 2011 and 2015 contain a vulnerability that could lead to hacking and the loss of $2.1 
billion.<\/p>\n","protected":false},"author":1,"featured_media":87067,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[18,1301,57],"class_list":["post-87066","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitcoin","tag-blockchain-vulnerabilities","tag-wallets"],"aioseo_notices":[],"amp_enabled":true,"views":"88","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=87066"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87066\/revisions"}],"predecessor-version":[{"id":87068,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87066\/revisions\/87068"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/87067"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=87066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=87066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=87066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}