The Ethereum team has issued a security alert for users of the AlethZero and eth clients on Windows. A bug can prevent the private keys of some identities from being written to disk, which could result in the loss of funds transferred to these “lost identities.” A hotfix update has been published in response.
Ethereum developers were not kidding when they said there might be traps and highwaymen lurking in the shadows of this unexplored Ethereum Frontier. One such trap, discovered on August 7, could fool some users into thinking they had the private keys of newly generated public addresses on Windows Ethereum clients.
Specifically, the affected clients are the AlethZero and eth implementations on Windows. Users of the Frontier command-line interface, geth, are unaffected. Jutta Steiner of the ETH team writes:
“While setting privacy permissions on the keys directory, insufficient error handling can cause the key files to not be written; this may be widespread on the Windows platform. As such, current versions of AlethZero and eth may include identities for which there exists no underlying key. Ether Presale Claim functionality of AlethZero may result in funds automatically being transferred to these lost identities.”
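The failure mode in the alert, an identity that exists without a key file behind it, is avoided by registering an identity only after its key has been written, permission-restricted and read back. The sketch below is an added example, not AlethZero or eth code: `KeyStore`, `lockDown`, `addIdentity` and `missingKeys` are hypothetical names, the `/tmp` path and key values are constructed, and treating a failed permission change as a hard error is a design assumption.

```cpp
#include <cstdio>
#include <fstream>
#include <functional>
#include <iterator>
#include <map>
#include <string>
#include <vector>

// Hypothetical key store for illustration; not AlethZero/eth code.
struct KeyStore {
    std::string dir;                                   // existing keys directory
    std::function<bool(const std::string&)> lockDown;  // permission step, false on failure
    std::map<std::string, std::string> identities;     // address -> key file path

    // True only if the file at `path` holds exactly `secret`.
    static bool holds(const std::string& path, const std::string& secret) {
        std::ifstream in(path, std::ios::binary);
        if (!in) return false;
        std::string stored((std::istreambuf_iterator<char>(in)),
                           std::istreambuf_iterator<char>());
        return stored == secret;
    }

    // Registers the identity only after the key is written, locked down and read back.
    bool addIdentity(const std::string& address, const std::string& secret) {
        if (secret.empty()) return false;
        const std::string path = dir + "/" + address + ".key";
        std::ofstream out(path, std::ios::binary | std::ios::trunc);
        out << secret;
        out.close();
        // Any failed step is a hard error: remove the partial file, register nothing.
        if (out.fail() || !lockDown(path) || !holds(path, secret)) {
            std::remove(path.c_str());
            return false;
        }
        identities[address] = path;
        return true;
    }

    // Audit: identities whose key file can no longer be opened ("lost identities").
    std::vector<std::string> missingKeys() const {
        std::vector<std::string> lost;
        for (const auto& id : identities)
            if (!std::ifstream(id.second, std::ios::binary)) lost.push_back(id.first);
        return lost;
    }
};

int main() {  // constructed run: the permission step fails, so nothing is registered
    KeyStore ks{"/tmp", [](const std::string&) { return false; }, {}};
    std::printf("registered: %d\n", ks.addIdentity("constructed-address", "constructed-secret"));
}
```

Running `missingKeys()` over an existing identity list is the audit a user would want before sending funds to any address the client displays.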
As a specific work