Intel-gate: bitcoin is not secure

By Nam Hyun-woo

With fears over massive data leaks rising following reports that Intel's central processing units (CPUs) have "the worst-ever" security flaws, concerns are growing that bitcoins and other digital coins stored on personal computers or cloud servers using those chips can be stolen by cyberattackers.

According to CoinKorea, one of the leading cryptocurrency online communities, hackers might use the bug called Meltdown to steal cryptocurrencies in computers and servers used by exchanges and traders.

By using the Meltdown bug, attackers can break the fundamental memory isolation between user applications and the computer's core memory. By bypassing the barrier, hackers can peep into data processed by the CPUs, including passwords and other secrets, according to a paper issued by researchers who discovered the flaw.

Michael Schwarz, one of the researchers, posted on Twitter video footage of the bug in action, stealing a password in real time.

"The biggest problem of Meltdown is that no encryption or vaccine program can prevent or defend against those attacks because the flaw stems from vulnerability in hardware architecture," CoinKorea said. "We strongly recommend that software patches against Meltdown should be installed in personal computers and servers which store cryptocurrencies. Especially, we believe urgent responses are required for exchanges."

The bugs are already affecting the digital token scene, though indirectly. On Friday, several cryptocurrency exchanges, including Bittrex, were taken offline as Azure cloud services offered by Microsoft were being patched for the fix.

Concerns are also growing over some exchanges using centralized ledgers because they keep investors' private keys and data stored in one place.

Earlier this week, a group of researchers announced they have discovered "one of the worst CPU bugs ever found" and named them Meltdown and Spectre. Those two bugs affect nearly all processing chips made by Intel, AMD and ARM, meaning almost every modern computer, smartphone and cloud service in the world may be vulnerable to attacks through those flaws.

Unlike Meltdown, which is so far known to affect only Intel chips, Spectre affects not only Intel but also AMD- and ARM-manufactured chips. It allows hackers to trick error-free programs that follow best practices into giving up secret information, according to the Spectre paper issued by the researchers.

Following the announcement, Intel and other chipmakers have released a patch for users to update their operating systems.

However, a number of info-tech experts have claimed those patches may slow down computers, while Intel denied it in its statement, saying: "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."

Suspicions are also growing that Intel may have delayed reporting about the bug, even after becoming aware of the flaws months earlier.

Google, whose Project Zero team joined the discovery, said it informed the affected companies about the flaws in June 2017.

Business Insider reported that Intel CEO Brian Krzanich sold $24 million in stocks and options in November after Intel was informed of the vulnerabilities. Intel said Krzanich is "unrelated" and he will "continue to hold shares in line with corporate guidelines."


Nam Hyun-woo namhw@koreatimes.co.kr
