Getting More Secure Bitcoin Addresses
This information isn’t entirely new, Gerard revealed that he discovered discussion threads on the Bitcointalk forum as early as 2013 on this particular issue. Back then, some web-based bitcoin wallets used the SecureRandom() function to generate private keys.
According to Gerard, many bitcoin addresses that were generated using the BitAddress wallet service pre-2013 and Bitcoinjs pre-2014 are most likely affected by the same vulnerability. Gerard also hinted that current wallet software that makes use of old repositories found on GitHub might also be vulnerable.
Commenting on the issue, Mustafa Al-Bassam said that many old bitcoin wallet apps made use of jsbn.js cryptographic libraries to generate bitcoin addresses. There is a high probability that the pre-2013 versions of such libraries used the vulnerable SecureRandom() function. Al-Bassam is a Ph.D. researcher at the University College London, Computer Science Department. Gerard estimates that it would take about a week to crack the private keys of such addresses.
Bitcoin holders who have such addresses are advised to create new addresses using newer tools. They should also move their funds from the old addresses to the new ones to keep them safe.