Are your bitcoins safe?

Last Friday Feb 17th, Tavis Ormandy from Google and working on Project-Zero have come across a strange data that he wasn’t expecting while on a optimisation procedure for by analysing publicly available data (the whole story here).

This was private and confidential data that shouldn’t be publicly available at any cost. Further investigations lead him to the data coming from CloudFlare, one of the larger cloud service providers. The issue was related to parsing & modifying HTML pages on the fly by CloudFlare servers performed by a new module developed by CloudFlare team to replace and old module.

According to Tavis, this bug have revealed many confidential data like conversations on a dating website or even emails and passwords of customers, and this data was available in internet caches. Though, he and CloudFlate team made a lot of work to identify and clear these caches, there could be some additional data somewhere on the net.

How this could affect Bitcoin?

As CloudFlare is one of the largest Cloud Services providers in the world, many exchanges rely on their infrastructure to host their website, which can be of huge severity.

Using the dig command to identify the DNS behind a website, we can see that within the Top 10 Bitcoin exchanges by MarketCap, many of them are behind CloudFlare servers:

>for i in bitfinex.com kraken.com poloniex.com okcoin.cn bitstamp.com huobi.com gdax.com btc-e.com exchange.btcc.com gemini.com coinbase.com blockchain.info; do dig $i -t NS |grep cloudflare; done
Bitcoin exchanges using CloudFlare

Edit : “There is no official announcement by these bitcoin exchanges related to the CloudFlare issue yet or as Tavis call it “CloudBleed”, but I hope it of no danger for the end users.”

Kraken have released an announcement :
http://blog.kraken.com/post/157645323457/security-advisory-cloudflare-bug

The other exchanges still didn’t comment yet.

Please don’t hesitate to read the full thread by Tavis here:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139