Disclosure of Vulnerable Bitcoin Wallet Library
Tl;dr: On 11/14/23 Unciphered will be disclosing a major vulnerability in a Bitcoin Wallet library - this 30 day delay is designed to prevent bad actors from taking advantage of this vulnerability while we work with vendors to protect affected parties.
—------------------------------------------
In January 2022, during an engagement with an Unciphered client, we discovered a significant vulnerability in a Bitcoin Wallet library. Subsequently, we attempted to identify parties who may have used the library, and have been working to identify affected end users.
Today, the process of notifying possibly vulnerable users has begun. There will be vendor provided instructions on how to address this vulnerability in the industry. If you have been contacted by anyone regarding a vulnerable wallet, please visit the vendor’s official website(s) to follow their instructions. In case you have forgotten your login credentials, we may have the means to assist you in recovering your funds, thus preventing potential asset theft due to the vulnerability.
About thirty days from today, we will publish online our Technical Analysis of the library in question https://www.randstorm.com. This delay is to prevent bad actors from taking advantage of crypto wallet users, and to provide a large enough window for as many people as possible to move their funds before a parallel attack can be achieved.
If you have received a communication regarding this vulnerability, and you have lost access to your wallet and do not have your credentials, please go to the dedicated form for this particular vulnerability: https://www.unciphered.com/blockchaincom
If you have not received an email or SMS informing you that you are vulnerable, please disregard this post.
-The Unciphered Team