Heartbleed Compromises Bitcoin Wallets: Digital Currency Also Built Using OpenSSL
Bitcoin is the latest digital entity to be added to a growing list of organizations compromised by the Heartbleed bug.
The Bitcoin Foundation said on Friday that the latest version of Bitcoin Core, the open source software that enables the use of the digital currency, used a version of OpenSSL, a cryptography library used to password-protect websites, apps, and Web servers, which was affected by Heartbleed.
“If you are using the Windows version of the Bitcoin Core [graphical user interface] without a wallet passphrase, it is possible that your wallet could be compromised by clicking on a bitcoin payment request link,” the Bitcoin Foundation said on its website. “It is possible [but unlikely] private keys could be sent to the attacker.”
Bitcoin wallets on Android phones are also at risk if the phone is still running the Android 4.1.1 “Jelly Bean” operating system.
The Bitcoin Foundation advised all bitcoin developers and merchants to upgrade to the latest version of Bitcoin Core and urged mobile users to upgrade their version of Android. The foundation also recommended that mobile users upgrade their Bitcoin Wallet app to the latest version.
You can read more details about how Heartbleed affects bitcoin at the Bitcoin Foundation’s website.
The announcement is just the latest blow to bitcoin’s public image. In February, one of the largest bitcoin exchanges in the world, Mt. Gox, shut down after millions of dollars worth of bitcoins were lost due to a cryptography glitch.
(By Ryan W. Neal)