New wallet flaw can expose users to hacking

According to a Pastebin user, a critical flaw in several wallet apps could expose users’ private keys which could compromise their security.
An anonymous Pastebin user recently revealed that a newly discovered flaw in certain Bitcoin wallet apps generate private keys which hackers can easily access and exploit. The flaw was discovered shortly after a Reddit user explained in a thread that they lost nine bitcoins following a transaction error. The transaction was made using the Blockchain.info software. However, the user failed to specify whether the flaw could be manipulated and whether the flaw could be attributed to either a coding mistake or to malicious intent.

The Pastebin user added that several Blockchain.info users already knew of the flaw and were playing around with the possibilities that the flaw offers. The user posted that anyone scrutinizing the underlying blockchain will find that several users have already toyed with the technology by transferring small amounts of Bitcoin to those addresses with private keys create by Sha256. According to the user, the fact that these addresses are so easy to trace seems intentional. However, the user also notes that this is not a novel practice amongst Bitcoin users.

The user added that he used publicly available information regarding the blockchain in order to establish whether the private keys were later used to create wallet addresses. After getting this information, he used block hashes for every single block created ever since Genesis. This process allowed the user to test all bitcoin addresses.

The user then continued to download the complete list of every single bitcoin address that has ever been made available to the public. Following the download, the user started finding the private keys linked to certain addresses. In this process, the user confirmed that over 40 bitcoin addresses have been transferring bitcoin over the last seven years.

According to the user, it is likely that a third-party wallet service, such as a web-based wallet, gambling site, or mining pool, could perhaps contain unauthorized and malicious code in their software. This flaw is capable of creating private keys purely based on publicly available addresses.

However, the Reddit user who lost nine bitcoins did confirm that they have successfully reclaimed their lost funds.