My funds were stolen from online wallet. Only single address affected, so seems Blockchain.info wallet has vulnerability in RNG:
https://bitcointalksearch.org/topic/blockchaininfo-security-funds-stolen-277595
https://bitcointalksearch.org/topic/blockchaininfo-security-funds-stolen-277595
Important!
I can confirm there is a problem with the RNG used by blockchain.info javascript clients being poorly seeded when initialised in a background webworker task. In some browsers this could lead to duplicate R values being used when signing transactions (Firefox is likely to be particularly vulnerable). This issue effects the transaction signing code only, not the generation of private keys.
Patches have now been deployed, Please ensure you upgrade to the latest version of your Blockchain.info client.
Chrome extension - v2.85
Fixefox extension - v1.97
Mac client - v0.11
Users of the web interface should clear their browsers cache before next login.
Only a handful of addresses are known to be affected thus far. Likely if you have been affected by this problem your coins will have been taken already. All affected users will be refunded in full, please PM me or email [email protected].
-----
Piuk, please, could your site implement importing password protected private keys according to BIP38? Many people use that for their offline savings and allowing to spend the key directly from blockchain.info would help a lot. Thanks!
BIP38 supported has been added.
