ORIGINAL POST ON REDDIT: https://www.reddit.com/r/litecoin/comments/5vwvv6/litevault_public_statement_on_cloudbleed/
A recent exploit with Cloudflare has caused thousands, if not millions of sites to have data leakage, and is requiring people to change their passwords across many many sites, practically every bitcoin exchange, every server host etc.
Read More:
- GitHub - pirate/sites-using-cloudflare: 💔 Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.
- 1139 - project-zero - Project Zero - Monorail
- https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).
LiteVault does NOT send your password to the server at any time, and your wallet is NOT rendered by the server at any time. This means it’s not possible for Cloudflare to have been memory leaking your private keys or addresses.
Those using the TOR hidden service are also not affected.
In some rare cases, it may be possible that your encrypted wallet file was leaked, however an attacker would need to have your password, and would need to use bruteforce against an AES encrypted blob, with no password hash header.
If you’re paranoid, you may create a new wallet with new addresses, however, if you have a strong password, it’s near impossible to crack your wallet if it was leaked.
Note: In the unlikely event that your wallet WAS leaked, changing your password would not help, as they would already have the encrypted blob (similar to taking wallet.dat from litecoin core). If you are concerned about this, again, you should create a new wallet and migrate all of your LTC to new addresses.
tl;dr; - Don’t worry. You’re probably not affected in any way. If you have a weak password, and are storing a large amount of LTC, you may want to create a new wallet on LiteVault as a precaution.