Security Alert 1 [windows+alethzero] | Ethereum Foundation Blog

This affects users of the Alethzero GUI client on Windows. Users on Windows platforms, whether or not using the eth CLI client, are unlikely to be affected, but should take the actions described below. Users of the Frontier command line interface geth are not affected..

Problem description: When setting privacy permissions on the key directory, poor error handling can result in the key file not being written. This may be widespread on Windows platforms. Therefore, current versions of AlethZero and eth may contain IDs for which the underlying keys do not exist. AlethZero’s Ether Presale Claim feature may automatically transfer funds to these lost IDs.

Workaround: Users of AlethZero version 0.9.39 and earlier should not use the “Claim Presale Wallet” feature. Users of AlethZero and eth versions 0.9.39 and earlier should not mine or receive funds with their addresses.

Users of eth and AlethZero on all platforms should consider themselves secure once they verify that they actually have the underlying keys. To check (on an existing setup) run the following command:

ethkey.exe –list

You might think that all the addresses listed actually have keys and are not experiencing this problem.

Corrective action by Ethereum: A new hotfix has been released with changes:

repair: Starting from version 0.9.40, it will be available from around 2015.08.07 18:30 CEST.

Related Article


Leave a Comment