The world’s most popular web-based Bitcoin wallet service, Blockchain.info, suffered a security lapse during a software update that affected hundreds of users, the service said in a blog post on Monday (Dec. 8).
Blockchain.info said addresses, wallets and transactions created through the Blockchain.info iOS and Android apps, and the Chrome extension were not affected by the breach. The service recently tightened security for users connecting to the wallet through the anonymous Tor service.
“Our development team inadvertently affected a part of our software that ensures private keys are generated in a strong and secure manner. The issue was present for a brief period of time between the hours of 12:00am and 2:30am GMT on December the 8th 2014. The issue was detected quickly and immediately resolved. In total, this issue affected less than 0.0002% of our user base and was limited to a few hundred addresses,” the service reported.
It said alerts were sent to all users with potentially vulnerable addresses in their wallets — at least the ones for which Blockchain.info has an email address on file — and asked all users who created a wallet, generated a new address via Blockchain.info’s web-wallet, or sent bitcoin from a wallet during the two-and-a-half-hour vulnerability window and haven’t provided and email address to either contact Blockchain.info’s support desk or simply create a new wallet.