Randstorm Exploit Threatens Bitcoin Wallets 2011-2015: Millions at Risk

By Hiba Akbar

Bitcoin wallets created between 2011 and 2015 are vulnerable to a new kind of exploit known as Randstorm. It makes it possible to recover passwords and gain unauthorized access to a large number of wallets spanning several blockchain platforms.

Key Points

  • Bitcoin wallets from 2011-2015 vulnerable to Randstorm exploit, leveraging browser weaknesses in random number generation.
  • About 1.4 million bitcoins at risk due to potential weak keys; users advised to verify wallet security at www.keybleed[.]com.
  • Vulnerability tied to BitcoinJS underscores wider cybersecurity risks in open-source software infrastructure.

“Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine to dramatically reduce the quality of random numbers produced by web browsers of a certain era (2011-2015),” Unciphered said in a report published the week before.

Roughly 1.4 million bitcoins are believed to be stored in wallets created with cryptographic keys that may be susceptible. Users can assess the vulnerability of their wallets by visiting www.keybleed[.]com.

The cryptocurrency recovery firm rediscovered the issue in January 2022 while assisting an undisclosed client who was having difficulty accessing their Blockchain.com wallet. A security researcher known by the pseudonym “ketamine” first drew attention to the issue in 2018.

The core of the weakness stems from the use of BitcoinJS, an open-source JavaScript package used for building browser-based cryptocurrency wallet applications.

Specifically, Randstorm is rooted in the package’s reliance on the SecureRandom() function in the JSBN JavaScript library, combined with cryptographic weaknesses that existed at the time in web browsers’ implementation of the Math.random() function, which allowed weak pseudorandom number generation. BitcoinJS maintainers stopped using JSBN in 2014.

As a result, the insufficient entropy could be exploited to mount brute-force attacks that recover wallet private keys generated with the BitcoinJS library (or its related projects). Wallets created before March 2012 are the most susceptible to exploitation.
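The entropy problem described above can be shown with a short added example (not code from BitcoinJS, JSBN, Unciphered or this article): a key is only as strong as the seed behind it, however long the key is. The `toyWeakPrng` generator, its 12-bit seed and all function names are assumptions constructed for illustration; it is not the algorithm any browser used for Math.random().

```javascript
// Added example: effective key space of a generator fed a low-entropy seed.
// toyWeakPrng is a constructed 32-bit LCG standing in for a weak Math.random();
// it is NOT the algorithm of any real browser, BitcoinJS or JSBN.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

function toyWeakPrng(seed) {
  let state = seed >>> 0;
  return () => {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
    return state;
  };
}

// 32-byte "private key" in which every bit is determined by the seed.
function keyFromWeakPrng(seed) {
  const next = toyWeakPrng(seed);
  const key = new Uint8Array(32);
  const view = new DataView(key.buffer);
  for (let i = 0; i < 8; i++) view.setUint32(i * 4, next());
  return key;
}

// 32-byte key drawn from the platform CSPRNG (the corrected approach).
function keyFromCsprng() {
  return webcrypto.getRandomValues(new Uint8Array(32));
}

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Generate a key for every possible seed and count the distinct results.
// Returns log2 of that count: the key's real strength in bits.
function effectiveKeyBits(seedBits) {
  const seen = new Set();
  for (let seed = 0; seed < 2 ** seedBits; seed++) {
    seen.add(toHex(keyFromWeakPrng(seed)));
  }
  return Math.log2(seen.size);
}

console.log('nominal key size: 256 bits');
console.log('effective bits with a 12-bit seed:', effectiveKeyBits(12));
console.log('CSPRNG key:', toHex(keyFromCsprng()));
```

The 256-bit key produced from the toy generator never has more strength than its seed, which is why keys already generated this way stay weak and why moving funds to a wallet created with a CSPRNG-backed generator is the remedy Unciphered describes.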

The findings shed new light on the open-source dependencies underpinning software infrastructure. They underscore how vulnerabilities within these fundamental libraries can pose cascading risks throughout the supply chain, a scenario exemplified by the revelations surrounding Apache Log4j in late 2021.

“The flaw was already built into wallets created with the software, and it would stay there forever unless the funds were moved to a new wallet created with new software,” noted Unciphered.
