An error in the Bitcoin Mycelium Wallet wallet prevents users from accessing their funds again when trying to restore the wallet with its 12-word seed phrase.

Due to a word that It was included by default as an additional password to the recovery words, unknown to the owners of the wallets, they could not recover access to their wallets.

On April 7, 2020, Mycelium Wallet , which is one of the oldest Bitcoin wallets in the ecosystem, accidentally introduced a bug that set the word “passphrase” by default as additional password to the 12 backup words , without prompting the user.

The update was introduced so that users who opened wallets and created their backup of 12 words, they actually had a 13-word recovery phrase.

On January 27, 2021 this bug was fixed, which seems to work fine on ve Android version, but with possibly some problems in the iPhone version.

Mycelium users do not have timely information

From IT4Crypto, a computer consulting company in Bitcoin and cryptocurrencies, they analyzed the case and alerted about this error. In exclusive comments for CriptoNoticias, Santiago Molins, CEO of IT4Crypto, explained that most wallets allow you to configure an additional password, in addition to the 12 backup words or backup derived of the BIP-39 standard, but Mycelium fails to inform its users that this additional word is being set by default.

No Communicating that the word “passphrase” was configured as a password is what causes anxiety among Mycelium users, who in the first instance consider their funds lost.

“Probably, in the field where the password is written they wanted to put a hint, indicate that there corresponds to enter a password, but they made a mistake and did it as input , adding the word “passphrase” as a valid password, ”he said in reference to Mycelium. The aggravating factor is, in the analyst’s discretion, in the fact that Mycelium dealt with the error in this way without notifying users how to proceed . Users are backing up their wallets incorrectly and are distressed when they see their wallets empty, without bitcoins (BTC).

It is serious that Mycelium ‘fixed’ this bug without notifying it and By doing so, all backups created between April 7, 2020 and January 27, 2021, are wrong from now on, because since Mycelium they never said that In addition to the 12 words, the word ‘passphrase’ was added as a password ”, emphasized the analyst.

As Molins explained after the GitHub account IT4Crypto, the namesake of his consulting company, there were three immediate consequences for users.

First, users did not see their fund balance in Mycelium , but when restoring in other wallets , they would have access to their bitcoins.

As a second scenario, other users would have lost access to their funds for not knowing that he The word “passphrase” was set as a password after the faulty version of Mycelium. Inadvertently, they would be switching to a wallet with a preconfigured password, losing their funds until they found out about this situation.

The third situation some users find themselves in is not having restored the wallet in no time, but they are unaware that they have a backup or incomplete backup, with one word less than it really is.

Molins commented that users who have entered the password “passphrase” have successfully restored their funds. This has not been properly announced by the company.

“Anyone can have an error”, as was the default configuration of a password in addition to the 12 backup words. “It is never too late to notify,” said the analyst, also assuming the responsibility of notifying these types of situations when he manages to discover them.

Mycelium, preferred by many, is outdated

Molins told CriptoNoticias that he managed to detect the problem with the help of developer Leo Wandersleb, who works for Mycelium, realizing that the loss of funds was not a robbery. The BTCs did not move from the direction that the users indicated to the consultant for review, nor were transactions presented, such as the cases mentioned. “It’s been three weeks and they still haven’t solved it,” the consultant rebuked.

As something remarkable, the renowned website TechRadar comments in a recent publication that the Mycelium support service does not have resources to guide new users of the application.

Likewise, they comment that despite offering advanced features, such as the private connection via Tor, “the lack of documentation makes us avoid recommending this application to experienced Bitcoin users “, says the British media specialized in technology.

In its version of Android, the wallet is the preferred one for many Bitcoin users, especially those who have used the protocol for some time and cryptocurrency. In the case of the iPhone, the development of Mycelium is somewhat deficient, for Santiago Molins’ impression. For both versions, he points out, there are different development teams, which makes it difficult to standardize both apps.

In Molins’s opinion, the portfolio is out of date . In addition, although the code of the portfolio is open, the Mycelium license authorizes only its review for reference ( Microsoft Reference Source License or MS-RSL, for its acronym) , so it cannot be forked or implemented independently.

However, being able to view the code and comment on it is an option that makes it easy to choose a secure Bitcoin wallet.

The post Mycelium Wallet entered password in Bitcoin wallets without notifying users appeared first on World Weekly News.