Emercoin wallet security vulnerability alert

[IgorTrapeznikov]

A zero-day vulnerability was recently found in the Emecroin wallet software by the Russian cryptocurrency security research team Digital Security.

The vulnerability exists in the main wallet code, so it is present on all platforms, including Windows/Mac/Linux, Android, iOS, and Cryptonator.

Due to insufficient randomization during cryptographic seed generation, it is possible to brute-force 12-word Wallet Back Up Phrase for any Emercoin wallet using high-speed algorithm running on GPUs.

The exploit is already in the wild and some users have reported that they have lost a large amount of money in Emercoin after their wallets were hacked.

The security design of Emercoin wallet prevents using more than 4 concurrent threads for brute-force, so at most 4 GPU can be used for brute-forcing the key.

This number of GPUs limit brute force time to around 12 hours on the fastest GPUs available today.

Until this vulnerability will be patched by the Emecroin team in the next version of the Emercoin wallet software, the only way to make sure that your funds would not be stolen is to create a new wallet every 8−10 hours and transfer the funds there, so hackers would not have enough time to crack the key.

The exchanges are also not safe and would be the primary target for the hackers due to a large amount of Emercoin funds deposited there.

We hope that this vulnerability is related only to the wallet software and not to the blockchain itself. If this is the case, it should be fixed relatively soon and full blockchain fork would not be necessary.

Some technical details about the bug can be found on the Russian Emercoin wiki: wiki.emercoin.com/ru/Errors

There is no detailed English description at the moment

We will publish updates as soon as we find any new information about this issue.

newbie deactivated link:http://cryptoscamreport.org/02222018-emercoin-wallet-security-bug [nonactive]