You are at: Home » News » Scams & Theft » wallet users get stolen; service patched the bug and assures it will refund everyone wallet users get stolen; service patched the bug and assures it will refund everyone

After the discovery of a new bug in a Bitcoin wallet – this time, it was’s wallet -, about 50 BTC were stolen since Monday (19). However, the service has already announced it will refund all the users affected by the flaw.

The popular Blockchain website has the primary goal to provide market data and works as the main block chain explorer for Bitcoin, but users can also make the most of it and create a crypto wallet. The first sign of problems with the service arose a couple of days ago, when the user giantdragon posted this concerned message on the forum:

I used online wallet for small transactions on my Windows 7 64-bit PC with strong password kept in KeePass.

Today I noticed that about 1.8 BTC was stolen from one of the addresses (which used for Anonymous Ads earnings), but funds from other addresses in this wallet were not affected.

This leads me on thoughts that or Firefox may have some weakness in random number generator like the vulnerability was recently found in the Android.

Questioned about the possibility of a connection to the recent security vulnerability that affected the Android-based wallets, the user denied any link, so the problem had to be elsewhere.

After a short investigation, discovered that the bug was lying  in the random number generator that the web wallet was using to sign each Bitcoin transaction. Similar to the previous case, when the problem was the generator Java SecureRandom, this time the flaw was detected on the random numbers generated through the web browsers using the JavaScript programming language. This was giantdragon‘s first bet, since his funds from other addresses in the same wallet weren’t affected at the time.

However, unlike the Android-related bug, this new flaw only affected the signing of transactions, not the creation of private keys. The confirmation came from Blockchain’s Ben Reeves, known online as Piuk, who published on the forum.

“Only a handful of addresses are known to be affected thus far. Likely if you have been affected by this problem your coins will have been taken already. All affected users will be refunded in full”, he wrote this Tuesday (20). After patching the bug, Piuk asked users to “upgrade to the latest version of your client” with Chrome extension – v2.85, Fixefox extension – v1.97 or Mac client – v0.11. Also, the victims who just use the web wallet should clear their browser cache before using the Blockchain website again.

Talking with Coindesk, Reeves assured’s intention: “if someone thinks they have had funds stolen, if it is due to this bug it is very likely the coins will have been sent to the above address. If in doubt they can contact [email protected] and I will investigate further. Only a couple of BTC have been refunded so far”.

Free Bitcoin Crash Course

Learn everything you need to know about Bitcoin in just 7 days. Daily videos sent straight to your inbox.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
We hate spam as much as you do. You can unsubscribe with one click.
We hate spam as much as you do. You can unsubscribe with one click.
Scroll to Top