Bitcoin Wallets Created Before 2016 May Be Vulnerable – Billions at Risk?

Sead Fadilpašić

The US-based cybersecurity firm Unciphered has warned users globally that their Bitcoin (BTC) wallets created before 2016 may be in danger – as are billions in BTC.

Early crypto adopters and participants in a number of blockchain platforms between 2011 and 2015 may be affected by a major threat.

Over the last 22 months, Unciphered says, the team has been working on a vulnerability that affected BitcoinJS, a package for the browser-based generation of crypto wallets.

As the package was very popular, the vulnerability caused the generation of “a significant number” of vulnerable crypto wallets over the years.

The post details that, in January of 2022, Unciphered found the flaw when it worked for a customer locked out of a Blockchain.com (previously Blockchain.info) bitcoin wallet.

According to Unciphered’s website,

“By our estimates approximately 1.4M BTC are sitting in wallets that were generated with potentially weak cryptographic keys. If we conservatively estimate that only 3-5% of wallets generated during that time were affected, the current value of coins at risk is between 1.2 – 2.1Billion USD (assuming 1 BTC=$30,000).”

A number of experts have been warning about it since 2018, they added.

The issue has been named Randstorm.

Per Unciphered’s website,

“Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine to dramatically reduce the quality of random numbers produced by web browsers of a certain era (2011-2015).”

In other words, the numbers are not quite as random as they should be.

At this time, the team will not provide more details on the exploitation of this vulnerability. This is done to give owners time to move their funds and avoid providing additional information to bad actors who are already at work.

Software Version Is Crucial

The mathematical underpinnings of bitcoin and blockchain remain strong, the team stressed. The issue is a series of programming mistakes “widely shared across many technologies.”

The software version used is particularly critical, the team said. For example, Blockchain.info wallets created before March 2012, or other wallets created using the open-source version of BitcoinJS prior to crucial March 2014 updates, are at greater risk.

BitcoinJS was used by many projects in the early 2010s, including the projects below.

[Image: projects that used BitcoinJS in the early 2010s. Source: Unciphered]

The team stresses that not all of the projects mentioned are affected.

For those that are, the impact varies depending on how long they utilized the vulnerable code, additional mitigations put in place, and the size of the user base at the time.

The team did confirm that the vulnerability it found is exploitable. But the amount of work necessary to exploit wallets varies and increases over time: impacted wallets generated in 2014 are substantially more difficult to attack than those generated in 2012.

It’s Not Over

Unciphered disclosed the issue to Blockchain.com, Bitgo, Block.io, Dogechain.info, Bitpay, Blockstream Green, Bitaddress.org, Coinkite, and BitcoinJS.

It said,

“As a result of this, over a million users have received alerts advising them that their cryptocurrency wallets are potentially vulnerable and urging them to move their assets to more recently generated wallets.”

And BTC is not the only coin potentially affected – wallets of many altcoins may be, too.

For example, Unciphered researchers verified that the same flaws exist with DOGE wallet generation in the same period.

Lastly, the team warned that users may have only hours or days to save their funds.

“We can’t do more to protect you. Now you have to protect yourself. Move your money to a new wallet. Just as soon as you can.”

Users can check whether their wallets are vulnerable at www.keybleed.com.
