Due to the Randstorm vulnerability, 1.5 million bitcoins could be stolen.
A new type of attack called Randstorm could potentially steal 1.5 million bitcoins, especially those made between 2011 and 2015. The Randstorm flaw is a result of bugs, bad design choices, and API changes that make the quality of random numbers generated by the web worse. Around 1.4 million bitcoins are believed to be in wallets made with weak cryptographic keys, which could support a creative space program for years.
By brute force attacks, private keys can be used to get back the private keys of wallets made with the BitcoinJS library or projects that depend on it. The results highlight how flaws in core libraries used in open source projects can spread risks throughout the supply chain. In late 2021, a similar problem was seen with Apache Log4j.
The security flaw is built into BitcoinJS wallets from the start, making them unfixable. If your wallet was made between 2011 and 2015, the only way to keep your money safe is to move it to a new wallet made with more up-to-date software.