Crypto Opinions & News 'Randstorm' Vulnerability: Millions of Crypto Wallets Open to Theft

Disclaimer: Any information contained on this forum is provided as general market commentary, and does not constitute investment, financial, trading or other sort of advice.


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
Cryptocurrency wallets generated between 2011 and 2015 are vulnerable to an attack that allows threat actors to use brute-force methods to recover passwords for accessing funds. Researchers at Unciphered estimate that millions of wallets — with potentially hundreds of millions of dollars in them — remain vulnerable to attack.

The problem has to do with a no-longer-used randomization function in BitcoinJS, a JavaScript library for building Bitcoin and other cryptocurrency applications for the Web and NodeJS platforms.

Several of the projects that used the vulnerable BitcoinJS library — including BrainWallet, CoinPunk, and QuickCoin — are no longer around. But several others such as, Bitgo,, and Blocktrail, are still active.
Unciphered's effort to recover the password failed. But in the process of finding a way to retrieve it, researchers at the company discovered the BitcoinJS vulnerability, which they have since dubbed "Randstorm." In the 22 months since the discovery, the researchers have been working with and others that incorporated the vulnerable BitcoinJS function to notify affected users about the threat.

"We have been coordinating disclosure with multiple entities and, as a result, millions of users have been alerted," Unciphered said in a blog post this week. "In the event that it is possible an individual has assets held in an affected wallet, they should be moved to a newly generated wallet created with trusted software," the company noted.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.