Bitcoin Wallet Security Issues Creates More Controversy

Bitcoin Wallet Provider Blockchain is in PR hot water. Again.

Trouble began recently when the firm's product lead got in a online verbal Reddit fight with Coinbase engineer, CoinDesk reported. Blockchain's wallet was also recently pulled from due to security issues that impacted hundreds of users.

"The company found itself publicly promising to reimburse customers after a random number generator flaw that led to hundreds of addresses being compromised. Further, unsubstantiated online reports suggested that bitcoins had been stolen as a result of the issue," according to the article.

Blockchain was required to disclose the security issues on its blog on Reddit, where the company admitted "our development team inadvertently affected a part of our software that ensures private keys are generated in a strong and secure manner." The mistake made it easier for attackers to retrieve the private addressed used to hold bitcoin. But the company claims addresses, wallets and transactions created via the iOS and Android apps, and the Chrome extension are not affected.

Still, Blockchain CEO Nicolas Cary owned up to the mistake.

"We have built a huge amount of software," he said on the Reddit post responding to critics. "We have released safely all the time, we have quality assurance leads. We have a security team. The real message to the community is that we are going to get better. We know we need to do a better job. At the same time, we have the humility to do what's right and take care of our users when there are issues.
We have sent an alert to all users who have potentially vulnerable addresses in their wallets, for which we have an email on file. We are committed to working with any affected users to assess and rectify any issues."

This troubled followed taking Blockchain off the list of wallets, but Cary said the company is committed to restoring its reputation.

"We are eager to resubmit there. We respect their decision, but ultimately we have made a lengthy defense for our position. We are still the only open-source company," said Cary, who added that the company is making changes to its software, and that people should expect "exciting things coming to market in 2015."

These security issues, however, are too big for players like Blockchain to make in this space, said Emin Gün Sirer, an associate professor of computer science at Cornell University. The issues could show a large problem in the "cryptocurrency space," he added.

"There is no room for the smallest screwup, and we’re finding out that standard practices that are normal in Silicon Valley are unacceptable in the bitcoin world because there’s so much at stake," he told CoinDesk, and suggested security failure rates across the bitcoin industry is high.




Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.