Blockchain.info Random Number Flaw Leads to Additional Bitcoin Thefts

2 Flares Twitter 0 Facebook 0 Google+ 2 LinkedIn 0 Email -- 2 Flares ×

For a second time in as many weeks, users of mobile bitcoin wallets have become vulnerable to a random number generator that exposed their private keys in transactions. Transferring bitcoin requires signing a transaction with a private key, in combination with a random number that is generated by whatever software is sending the transaction. The private key is what allows a user sole access to spending bitcoins in their address. If a random number is not actually random but predictable or repeated, then a careful observer can reverse-engineer the user’s private key and gain access to all bitcoins in that address. A vulnerability was reported in Android’s SecureRandom last week which has since been repaired. It was recently brought to light that a similar issue occurred in Blockchain.info’s web wallet, which was repaired yesterday.

Several users reported bitcoins disappearing from their wallet. Upon careful inspection it was determined that the same random value was used to sign transactions in these addresses and that all of the transactions were initiated from Blockchain.info’s wallet service. These transactions occurred over a period of several weeks so this was clearly not a new vulnerability. After assessing the situation and patching the issue, Blockchain.info released this statement:

Jesse James has informed me of a problem with the rng used by blockchain.info javascript clients being poorly seeded when initialised in a background webworker task. In some browsers this could lead to duplicate R values being used when signing transactions (Firefox is likely to be particularly vulnerable). This issue effects the transaction signing code only, not the generation of private keys.

Patches have now been deployed, Please ensure you upgrade to the latest version of your Blockchain.info client.

Chrome extension – v2.85
Fixefox extension – v1.97
Mac client – v0.11

Users of the web interface should clear their browsers cache before next login.

After a repair was in place Jesse James released a detailed list of all addresses that were vulnerable to the random number flaw.

All of the stolen bitcoins reported to have gone to the same address and appear to have been contained to 1.8 BTC. Blockchain.info has offered to replace all bitcoins lost due to their security flaw. As with the Android flaw, we recommend the same process for securing vulnerable addresses:

  1. Generate a new address on another application.
  2. Transfer all existing bitcoins to the new address. Do not send any bitcoins from this address using an older version of the Blockchain.info client
  3. Notify any users of your old address of the change, so that the compromised address does not receive any more bitcoins.
2 Flares Twitter 0 Facebook 0 Google+ 2 LinkedIn 0 Email -- 2 Flares ×