The new Ethereum platform has been live for just over a week now and has already hit its first snag, a security alert that relates to the failure of the eth and AlethZero clients running on Windows systems to write the private keys of a number of individuals has been released and has been quickly followed up by an update advising that a hot fix or a new version (these may be the same thing) would be released shortly. For those that have lost their identities it is possible that they may have lost any of the funds that they transferred on the clients.
According to the ETH team the bug was found on the 7th august and led users to believe that they were getting private keys along with the public side of their key. Not all clients were affected, however, with users of geth, the command line interface not being hit by the bug so only users with Windows operating system using eth and AlethZero need to worry about this issue.
Elaborating on the issue further one of the ETH team wrote “While setting privacy permissions on the keys directory, insufficient error handling can cause the key files to not be written; this may be widespread on the Windows platform. As such, current versions of AlethZero and eth may include identities for which there exists no underlying key. Ether Presale Claim functionality of AlethZero may result in funds automatically being transferred to these lost identities.”
In order to work around the issue the team have advised that anyone using version 0.9.39 and before should avoid using the “Claim Presale Wallet” and no mining or receiving of funds into addresses should be carried out by anyone using version 0.9.39 or earlier of both eth and AlethZero.
The ETH team have advised any users of either AlethZero or eth to type in the following command in their current setup to ensure that they do in fact have a private key:
Once this has been run users should be safe in the knowledge that any addresses it does list have a private key.
The release date for the hotfix was to be around the 7th of August but a link has yet to be provided for either as of yet. As soon as a link has been issued this article will be updated accordingly.