The number of reports on hacking incidents involving bitcoin and bitcoin based businesses has started making a lot of people wonder whether there are any safer options for bitcoin storage and transactions at all. Recently, OKCoin — the China based international bitcoin exchange along with Huobi and other exchanges in China were at the receiving end of a targeted DDoS attack. Before that, the online bitcoin mining service was hacked into and user details along with an undisclosed amount of bitcoins were stolen. The list can go on and on.
READ MORE: DDoS Attack on OKCoin, Company Defends Itself
While people are planning of different ways of securing our bitcoin stash, it is now found that the hardware manufactured by a certain company has a vulnerability. The vulnerability was found in hardware security modules (HSMs) manufactured by SafeNet. The vulnerability, a software design flaw in SafeNet’s Luna G5 devices which was discovered by the Chief Security Officer of Gemini, Cem Paya while testing it.
According to one of the blog posts on Gemini’s site the vulnerability found by Cem Paya allowed experts to extract both public and private keys from the device which is not supposed to happen. HSMs are designed to be tamper-proof devices which are used for securely storing cryptographic keys for banks, payment processors and even governments. The vulnerability of SafeNet Luna G5 had put various bitcoin companies using that particular model of HSM to store bitcoin keys at risk.
Once the security flaw was reported, SafeNet released a patch last week to fix it. HSMs are still relatively new to the market and expensive as well. Until now SafeNet has been responsible for protecting over 750 million encryption keys in various domains. Among its customers, only a handful of them are currently using Luna G5 HSMs to secure their bitcoin deposits. Gemini will continue to be one of those companies as it intends to continue using SafeNet HSMs for backend security