Bitcoin Wallet Provider Blockchain is in PR hot water. Again.
Trouble began recently when the firm’s product lead got in a online verbal Reddit fight with Coinbase engineer, CoinDesk reported. Blockchain’s wallet was also recently pulled from Bitcoin.org due to security issues that impacted hundreds of users.
“The company found itself publicly promising to reimburse customers after a random number generator flaw that led to hundreds of addresses being compromised. Further, unsubstantiated online reports suggested that bitcoins had been stolen as a result of the issue,” according to the article.
Blockchain was required to disclose the security issues on its blog on Reddit, where the company admitted “our development team inadvertently affected a part of our software that ensures private keys are generated in a strong and secure manner.” The mistake made it easier for attackers to retrieve the private addressed used to hold bitcoin. But the company claims addresses, wallets and transactions created via the Blockchain.info iOS and Android apps, and the Chrome extension are not affected.
Still, Blockchain CEO Nicolas Cary owned up to the mistake.
“We have built a huge amount of software,” he said on the Reddit post responding to critics. “We have released safely all the time, we have quality assurance leads. We have a security team. The real message to the community is that we are going to get better. We know we need to do a better job. At the same time, we have the humility to do what’s right and take care of our users when there are issues.
We have sent an alert to all users who have potentially vulnerable addresses in their wallets, for which we have an email on file. We are committed to working with any affected users to assess and rectify any issues.”
This troubled followed Bitcoin.org taking Blockchain off the list of wallets, but Cary said the company is committed to restoring its reputation.
“We are eager to resubmit there. We respect their decision, but ultimately we have made a lengthy defense for our position. We are still the only open-source company,” said Cary, who added that the company is making changes to its software, and that people should expect “exciting things coming to market in 2015.”
These security issues, however, are too big for players like Blockchain to make in this space, said Emin Gün Sirer, an associate professor of computer science at Cornell University. The issues could show a large problem in the “cryptocurrency space,” he added.
“There is no room for the smallest screwup, and we’re finding out that standard practices that are normal in Silicon Valley are unacceptable in the bitcoin world because there’s so much at stake,” he told CoinDesk, and suggested security failure rates across the bitcoin industry is high.