Share this article

Cloudflare Bug Triggers Password Warnings from Bitcoin Exchanges

Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a bug tied to Cloudflare.

Updated Sep 11, 2021, 1:07 p.m. Published Feb 24, 2017, 4:40 p.m.

Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a newly discovered bug tied to web security firm Cloudflare.

Cloudflare, which provides denial-of-service protection, detailed the issue in a blog post published today. The company was first contacted about the bug last week by Google cybersecurity researcher Tavis Ormandy.

STORY CONTINUES BELOW

Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters

By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

The so-called "Cloudbleed" bug – a reference to 2014's Heartbleed vulnerability – is believed to have begun affecting services as early as September 2016, enabling the leak of memory that included sensitive information such as passwords and authentication tokens. The firm said the bug has since been patched.

News of the bug has triggered warnings from exchanges like Poloniex and Kraken, which suggested that users change their passwords, two-factor authentication and API keys. More broadly, cybersecurity advocates have strongly encouraged users of any site that utilizes Cloudflare to change their passwords as a precaution.

According to Cloudflare’s blog post, the real threat to users came as a result of some of that information being captured by search engines.

The firm explained:

“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence. The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”

A user on GitHub has curated a list of sites potentially affected by the bug, which includes industry services like Coinbase, BitPay, Blockchain and LocalBitcoins.

Other major websites, including Reddit, Uber and OKCupid, are said to be affected as well.

CoinDesk will continue monitoring this developing story.

Image via Shutterstock

Google Technology News Cybersecurity Cloudflare Technology News

More For You

KuCoin Hits Record Market Share as 2025 Volumes Outpace Crypto Market

By CoinDesk Research

Dec 22, 2025

Commissioned byKuCoin

KuCoin captured a record share of centralised exchange volume in 2025, with more than $1.25tn traded as its volumes grew faster than the wider crypto market.

What to know:

KuCoin recorded over $1.25 trillion in total trading volume in 2025, equivalent to an average of roughly $114 billion per month, marking its strongest year on record.
This performance translated into an all-time high share of centralised exchange volume, as KuCoin’s activity expanded faster than aggregate CEX volumes, which slowed during periods of lower market volatility.
Spot and derivatives volumes were evenly split, each exceeding $500 billion for the year, signalling broad-based usage rather than reliance on a single product line.
Altcoins accounted for the majority of trading activity, reinforcing KuCoin’s role as a primary liquidity venue beyond BTC and ETH at a time when majors saw more muted turnover.
Even as overall crypto volumes softened mid-year, KuCoin maintained elevated baseline activity, indicating structurally higher user engagement rather than short-lived volume spikes.

View Full Report

More For You

How a 'perpetual’ stock trick could solve Michael Saylor’s $8 billion debt problem

By James Van Straten|Edited by Nikhilesh De

1 hour ago

Strive CEO Matt Cole speaks at BTC Asia in Hong Kong (screenshot)

The bitcoin treasury firm is using perpetual preferreds to retire convertibles, offering a potential framework for managing long-dated leverage.

What to know:

Strive upsized its SATA follow on offering beyond $150 million, pricing the perpetual preferred at $90.
The structure offers a blueprint for replacing fixed maturity convertibles with perpetual equity capital that removes refinancing risk.
Strategy has a $3 billion convertible tranche due in June 2028 with a $672.40 conversion price, which could be addressed using a similar preferred equity approach.

Read full story

Latest Crypto News

How a 'perpetual’ stock trick could solve Michael Saylor’s $8 billion debt problem

1 hour ago

Solana’s new phase is ‘much more about finance,’ says Backpack CEO Armani Ferrante

3 hours ago

XRP drops 4% as traders watch whether $1.88 support holds

3 hours ago

Bitcoin slips below $88,000 amid government shutdown risk and ahead of Fed's first rate decision of the year

4 hours ago

Here's what Fed's highly anticipated rate decision this week means for bitcoin and the dollar

4 hours ago

Stacked gold bars (Scottsdale Mint/Unsplash/Modified by CoinDesk)

Why 98% of gold investors don't actually own a gold bar—and why that’s a problem

5 hours ago

The big U.S. crypto bill is on the move. Here is what it means for everyday users

9 hours ago

Fishing boats and luxury yachts in the port of Nice on August 20, 2018 in Nice, France. (Frédéric Soltan/Corbis, Getty Images)

How the ultra-wealthy are using bitcoin to fund their yacht upgrades and Cannes trips

6 hours ago

Here's what bitcoin bulls are saying as price remains stuck during global rally

Jan 24, 2026

Brian Armstrong and Larry Fink (David Dee Delgado/Getty Images)

Coinbase CEO says Big banks now view crypto as an ‘existential’ threat to their business

Jan 24, 2026

Here’s why bitcoin’s is failing its role as a 'safe haven' versus gold

Jan 24, 2026

Ether holding vs (Michael M. Santiago/Getty Images)

Crypto ETFs with staking can supercharge returns but they may not be for everyone

7 hours ago