The flaw makes old Bitcoin addresses generated in the browser or by a JS-based wallet application vulnerable to brute-force attacks. As a result, attackers can gain access to users’ wallets and steal their cryptocurrency funds.
“Cryptography is profoundly unforgiving of errors. You don’t mess with it. You don’t roll your own — you need battle-hardened algorithms that have been torture-tested by the most technically ruthless cryptographers you can find,” said the researchers who reported the issue.
The issue stems from the wallet’s random-number function, SecureRandom(), not producing genuinely random data as it is supposed to.
The function will generate cryptographic keys that, despite their length, have less than 48 bits of entropy, meaning that the key’s output will have no more than 48 bits of entropy even if its seed has more than that, researchers added.
SecureRandom() then runs the number it gets through the obsolete RC4 algorithm, whose output is known to be more predictable than it should be, i.e. it carries fewer bits of entropy. The resulting key is therefore more predictable.
All of the above means that Bitcoin addresses generated through the SecureRandom() function are prone to brute-force attacks that may reveal the user’s private key, and if that happens the user’s funds can be stolen.
Who is affected?
Apparently, all wallets generated by JS tools within browsers since the beginning of Bitcoin until 2011 are impacted by the Math.random weakness if applicable to the related implementations, the Math.random or RC4 (Chrome) weakness between 2011 and 2013, and the RC4 weakness for Chrome users until the end of 2015, researchers clarified.
In other words, these keys are easy to crack by a brute-force attack with sufficient computing power.
The following are likely affected:
– BitAddress pre-2013;
– bitcoinjs before 2014;
– current software that uses old repositories found on GitHub.