Share this article
Cloudflare Bug Triggers Password Warnings from Bitcoin Exchanges
Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a bug tied to Cloudflare.
By Stan Higgins
Updated Sep 11, 2021, 1:07 p.m. Published Feb 24, 2017, 4:40 p.m.
Make us preferred on Google
Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a newly discovered bug tied to web security firm Cloudflare.
Cloudflare, which provides denial-of-service protection, detailed the issue in a blog post published today. The company was first contacted about the bug last week by Google cybersecurity researcher Tavis Ormandy.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The so-called "Cloudbleed" bug – a reference to 2014's Heartbleed vulnerability – is believed to have begun affecting services as early as September 2016, enabling the leak of memory that included sensitive information such as passwords and authentication tokens. The firm said the bug has since been patched.
News of the bug has triggered warnings from exchanges like Poloniex and Kraken, which suggested that users change their passwords, two-factor authentication and API keys. More broadly, cybersecurity advocates have strongly encouraged users of any site that utilizes Cloudflare to change their passwords as a precaution.
According to Cloudflare’s blog post, the real threat to users came as a result of some of that information being captured by search engines.
The firm explained:
“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence. The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”
A user on GitHub has curated a list of sites potentially affected by the bug, which includes industry services like Coinbase, BitPay, Blockchain and LocalBitcoins.
Other major websites, including Reddit, Uber and OKCupid, are said to be affected as well.
CoinDesk will continue monitoring this developing story.
Image via Shutterstock
More For You
Pudgy Penguins is building a multi-vertical consumer IP platform — combining phygital products, games, NFTs and PENGU to monetize culture at scale.
What to know:
Pudgy Penguins is emerging as one of the strongest NFT-native brands of this cycle, shifting from speculative “digital luxury goods” into a multi-vertical consumer IP platform. Its strategy is to acquire users through mainstream channels first; toys, retail partnerships and viral media, then onboard them into Web3 through games, NFTs and the PENGU token.
The ecosystem now spans phygital products (> $13M retail sales and >1M units sold), games and experiences (Pudgy Party surpassed 500k downloads in two weeks), and a widely distributed token (airdropped to 6M+ wallets). While the market is currently pricing Pudgy at a premium relative to traditional IP peers, sustained success depends on execution across retail expansion, gaming adoption and deeper token utility.
More For You
Meta and Microsoft continue going big on AI Spending. Here's how bitcoin miners could benefit
In its fourth quarter earnings report, Meta said capital spending plans for 2026 should be in the range of $115-$135 billion, well ahead of consensus forecasts.
What to know:
- Fourth-quarter earnings results from Microsoft (MSFT) and Meta (META) suggested no slowdown in AI-related spending.
- Microsoft highlighted that AI is now one of its largest businesses and pointed to long-term growth.
- Meta projected sharply higher capital spending in 2026 to fund its Meta Super Intelligence Labs and core business.
Top Stories
