When SecureRandom()... isn't: JavaScript fingered for poking cash-spilling holes in Bitcoin wallets

If you've got an old money store, check it for hacked gaps


Concerns about a flawed crypto library that could allow Bitcoin theft have been revived following a post to a Bitcoin mailing list last week.

David Gerard, a UK-based Unix admin and blockchain technology watcher, raised concerns in a blog post on Thursday.

"The popular JavaScript SecureRandom() library … isn’t securely random," he wrote, pointing to an anonymous post to a Bitcoin mailing list a week ago that revisited the issue.

The post attributes the shortcomings of the code to JavaScript's lack of type safety. A bug causes the code to fail to utilize the browser's window.crypto API and to fall back on the cryptographically inadequate Math.random() API.

Via Twitter and on the mailing list, Mustafa Al-Bassam, a doctoral researcher in computer science at University College London, said that the problem lies with a pre-2013 version of jsbn, a JavaScript crypto library.

This particular crypto flaw has been publicly known since at least 2013. And Bitcoin Core developer Greg Maxwell discussed the issue during a 2015 presentation.

The perils of fallback

In response to the dustup, Filippo Valsorda, a cryptographer working for Google, advised against implementing any kind of fallback when generating keys.

Matthew Green, an assistant professor of computer science at Johns Hopkins and cryptography expert, in a phone call with The Register concurred. "Fallback is always kind of lousy idea," he said.

Green explained that problem with the code might extend not just to older wallet apps utilizing weak key generation but to Bitcoin addresses generated at the time.

"If you generated your Bitcoin address using this code, you could potentially have crackable, predictable keys that could be exploited to steal money," he said.

Green said it can be difficult to tell how browsers and apps generate keys because it's not always apparent and there's significant variation.

cop

Disgraced US Secret Service agent coughs to second Bitcoin heist

READ MORE

Google's Chrome browser was affected by the issue until 2015.

The result of the subpar random number generation, Gerard says, is that crypto keys generated using this code are predictable enough to crack through brute force, in perhaps a week.

Gerard in his post declares "most web wallets" for storing cryptocurrency are affected by this flaw but doesn't name any specific ones. But, if we're lucky, it may be rather fewer than that.

In an email to The Register, he clarified while he doubts anything developed recently is vulnerable, apps using keys generated back then may be.

What's at risk?

Asked for examples, he said possibly affected digital wallets include Bitaddress (pre-2013), Bitcoinjs (pre-2014), and anything using older GitHub repos that implement SecureRandom().

Bitcoin contributor Dave Harding expressed skepticism about the motives of the person who revived the issue on the Bitcoin mailing list, pointing to the individual's rather dubious choice of remailers and the inclusion of a Bitcoin address in the message, presumably to solicit donations.

"So, although the issue is legit (but ancient), I myself suspect this person was just out to stir up a little drama or money," he said in an email to The Register.

As it happens, the price of Bitcoin surged on Thursday.

Harding acknowledged that some Bitcoin private keys generated in web browsers years ago are not as secure as they could be.

"Likely the least secure keys have already been compromised and the users' funds stolen; some other keys may have been secure enough at the time but can still be compromised in the future," he said.

He advised those with concerns to contact their wallet vendor and noted Bitcoin.org maintains a list of digital wallets without known security issues. ®

Broader topics

Narrower topics


Other stories you might like

  • Clipminer rakes in $1.7m in crypto hijacking scam
    Crooks divert transactions to own wallets while running mining on the side

    A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency.

    The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace it to redirect transactions, according to researchers with Symantec's Threat Intelligence Team.

    The first samples of the Windows malware appeared in January 2021 and began to accelerate in their spread the following month, the Symantec researchers wrote in a blog post this week. They also observed that there are several design similarities between Clipminer and KryptoCibule – another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.

    Continue reading
  • Inverse Finance stung for $1.2 million via flash loan attack
    Just cryptocurrency things

    A decentralized autonomous organization (DAO) called Inverse Finance has been robbed of cryptocurrency somehow exchangeable for $1.2 million, just two months after being taken for $15.6 million.

    "Inverse Finance’s Frontier money market was subject to an oracle price manipulation incident that resulted in a net loss of $5.83 million in DOLA with the attacker earning a total of $1.2 million," the organization said on Thursday in a post attributed to its Head of Growth "Patb."

    And Inverse Finance would like its funds back. Enumerating the steps the DAO intends to take in response to the incident, Patb said, "First, we encourage the person(s) behind this incident to return the funds to the Inverse Finance DAO in return for a generous bounty."

    Continue reading
  • Coinbase CEO cuts 1,100 jobs, warns of 'crypto winter'
    The buck stops with me, says Armstrong, but I still have a job

    Coinbase has axed 1,100 employees, cutting its workforce by 18 per cent, while the value of digital assets including Bitcoin plummet amid rising inflation rates in the US.

    CEO Brian Armstrong announced on Tuesday he was "making the difficult decision to reduce the size of [the] team ... to stay healthy during this economic downturn." As the largest US cryptocurrency exchange, Coinbase employed about 1,250 employees at the start of 2021, when novel blockchain-based technologies such as NFTs and stablecoins exploded, launching the current Web3 hype to new heights.

    But the glowing promise of getting rich from trading cryptocurrencies or cartoon apes is losing its shine, spelling bad news for Coinbase. Armstrong warned of a "crypto winter" as America looks set to enter a recession.

    Continue reading

Biting the hand that feeds IT © 1998–2022