Bitcoin wallets made before 2016 could be facing new attack risks due to a recently discovered software flaw, according to a report from cryptocurrency startup Unciphered.
The flaw, dubbed “Randstorm,” includes a collection of bugs, design choices and API (Application Programming Interface) changes that increased the vulnerability of Bitcoin wallets created between 2011 and 2015, Unciphered said Tuesday.
That flaw may have impacted an estimated 1.4 million Bitcoin wallets, and if about 3 to 5 percent of them were impacted, the value of the coins at risk of being stolen is about $1.2 to $2.1 billion, according to the startup.
The issue was discovered last year while the startup was working with a customer who was locked out of a Bitcoin wallet made on the site now known as Blockchain.com. While investigating how to recover the wallet, Unciphered discovered an issue in wallets made by BitcoinJS from 2011 to 2015.
The startup said this flaw also was found in some Dogecoin wallets made in that same period on Dogecoin.info.
Unciphered first shared its findings with the Washington Post, which reported that BitcoinJS was supposed to make wallets with random cryptographic keys, but the flaw created keys that were not random enough.
Unciphered pointed out that the flaw does not mean Bitcoin or technology is broken, but rather was due to a series of programming mistakes that spread across several technologies between 2011 and 2015.
Those who believe their wallet may be vulnerable were advised to move their assets to a new or more recently created wallet.
Unciphered emphasized it’s not the first organization to pick up on the vulnerability, pointing to a series of instances in the past eight years where individuals drew attention to problems with blockchain technology.