Level 22
Malware Hunter
Security researchers are warning that old Bitcoin addresses generated in the browser or through JavaScript-based wallet apps might be affected by a cryptographic flaw that allows attackers to brute-force private keys, take control of users' wallets, and steal funds.

The vulnerability resides in the use of the JavaScript SecureRandom() function for generating a random Bitcoin address and its adjacent private key (equivalent of a password).
SecureRandom() isn’t really random

The problem is that this function doesn't actually generate true random data, as an anonymous user recently pointed out on the Linux Foundation mailing list, along with David Gerard, a UK-based Unix system administrator.

"It will generate cryptographic keys that, despite their length, have less than 48 bits of entropy, [...] so its output will have no more than 48 bits of entropy even if its seed has more than that," said Gerard.
Users advised to move funds to new addresses

Gerard discovered that some web-based or client-side wallet apps used the SecureRandom() function, but eventually fixed the issue after it became public for the first time via a BitcoinTalk forum post in 2013, and later in a conference talk in 2015.

Gerard says that all Bitcoin addresses generated using the BitAddress client-side wallet pre-2013 and Bitcoinjs pre-2014 are affected.