Randstorm Exploit: 2011-2015年创建的比特币钱包被曝存在漏洞

Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms.

2011年至2015年间创建的比特币钱包容易受到一种新型利用漏洞的攻击，称为Randstorm，该攻击使得可以恢复密码并未经授权访问涵盖多个区块链平台的众多钱包。

"Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine to dramatically reduce the quality of random numbers produced by web browsers of a certain era (2011-2015)," Unciphered disclosed in a report published last week.

“Randstorm()”是我们创造的一个术语，用于描述在一定时期的Web浏览器（2011-2015年）产生的随机数质量大幅降低的一系列错误、设计决策和API更改的组合。上周，《Unciphered》在一份报告中披露了这一情况。

It's estimated that approximately 1.4 million bitcoins are parked in wallets that were generated with potentially weak cryptographic keys. Customers can check whether their wallets are vulnerable at www.keybleed[.]com.

据估计，大约有140万比特币存放在使用可能存在弱加密密钥的钱包中。用户可以在www.keybleed[.]com上检查他们的钱包是否容易受到攻击。

The cryptocurrency recovery company said it re-discovered the problem in January 2022 while it was working for an unnamed customer who had been locked out of its Blockchain.com wallet. The issue was first highlighted way back in 2018 by a security researcher who goes by the alias "ketamine."

这家加密货币恢复公司表示，它于2022年1月重新发现了这个问题，当时它正在为一个无名客户工作，该客户无法进入其Blockchain.com钱包。这个问题最早是在2018年被一个化名为“ketamine”的安全研究员首次突显。

The crux of the vulnerability stems from the use of BitcoinJS, an open-source JavaScript package used for developing browser-based cryptocurrency wallet applications.

这个漏洞的关键在于使用BitcoinJS，这是一个用于开发基于浏览器的加密货币钱包应用程序的开源JavaScript包。

Especially, Randstorm is rooted in the package's reliance on the SecureRandom() function in the JSBN javascript library coupled with cryptographic weaknesses that existed at that time in the web browsers' implementation of the Math.random() function, which allowed for weak pseudorandom number generation. BitcoinJS maintainers discontinued the use of JSBN in March 2014.

特别是，Randstorm根植于该软件包对JSBN javascript库中的SecureRandom()函数的依赖，再加上当时Web浏览器对Math.random()函数实现存在的密码学弱点，这允许进行弱伪随机数生成。BitcoinJS的维护者在2014年3月停止使用JSBN。

As a result, the lack of enough entropy could be exploited to stage brute-force attacks and recover the wallet private keys generated with the BitcoinJS library (or its dependent projects). The easiest wallets to crack open were those that had been generated before March 2012.

因此，由于熵不足，可以利用这一点进行暴力攻击，并恢复使用BitcoinJS库（或其依赖项目）生成的钱包私钥。最容易破解的钱包是在2012年3月之前生成的。

The findings once again cast fresh light on the open-source dependencies powering software infrastructure and how vulnerabilities in such foundational libraries can have cascading supply chain risks, as previously laid bare in the case of Apache Log4j in late 2021.

这一发现再次突显了支持软件基础设施的开源依赖以及这类基础库中的漏洞如何可能具有级联的供应链风险，正如在2021年底Apache Log4j的案例中所揭示的那样。

"The flaw was already built into wallets created with the software, and it would stay there forever unless the funds were moved to a new wallet created with new software," Unciphered noted.

“这个缺陷已经内置在使用该软件创建的钱包中，并且除非将资金转移到使用新软件创建的新钱包，否则它将永远存在。” Unciphered指出。

原文始发于微信公众号（知机安全）：Randstorm Exploit: 2011-2015年创建的比特币钱包被曝存在漏洞