WinRAR Exploit Allows Coin Wallet Theft, But It Has Survived 14 Years Without Any Public Knowledge


Most cryptocurrency exchanges have some kind of auditing performed on their platform periodically, determining if there are any glitches or bugs that would inhibit the safety of consumers. There is a trialware product called WinRAR, which is file archiver utility for Windows operating systems. It allows for the unpacking of many archive file formats. In a recent post from a user on the Bitcoin subreddit, it seems that there is an exploit on the common version of this trialware, allowing executable code to be input into a system for the theft of cryptocurrency.

The fact that cryptocurrency can be infiltrated in this way is already stunning enough, but the user revealed that this buy has existed for 14 years without being detected until now. Considering that the crypto market was not developed until 10 years ago, this means that someone had to create a bug in the code that had not been prepared for what it could do to future technologies.

To fix the patch problem, users only need to download the latest version from an official source. However, WinRAR is used by about 500 million users, and it is one of the most common pieces of software even available. The user notes that all it takes is opening the wrong RAR file, and a payload is put directly into the startup folder for Windows. As soon as the computer is rebooted, an exe file comes up, and no one ever updates their WinRAR so this would not be the case.

By enabling the code, it is fairly easy to allow Bitcoin wallets to be stolen from. Most investors know that they should not perform any crypto interactions on a general-purpose computer, if they can avoid it. In the event that they choose to use one, anti-virus software should already be installed. The risk all depends on the user, with hardware wallets easily being the safest way to protect holdings.

The library that WinRAR uses to process ACE archive files is responsible for this bug, so the creators of WinRAR have chosen to no longer support these kinds of files at all, making the bug useless. However, as stated above, the updated version is necessary to bypass it. The code had remained untouched since 2005, but the stable version can protect users.

Still, there is a major problem in crypto security that this event sheds light on – a user is only as secure as the location of their crypto operations. Windows has been the least secure for quite some time, but the popularity of the operating system seemed to take precedence for users. When storing cryptocurrency, the primary goal should be to maintain good security practices. Considering that this new crypto era gives a financial initiative to attackers, any protection and security is a necessity to token holders.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide