Problem outline:
- Paper wallet backups generate a PDF which is saved unencrypted in the browser's cache.
In Chrome, for example, a search of the browser's history for 'data:application/pdf' will show the cached paper backups with the private keys in plain view.
- Storing unencrypted private keys in the browser's cache leaves the wallets vulnerable to malware attacks.
Suggested actions for users:
- If you have generated a paper backup, clear your browser cache. For additional security, create a new wallet and transfer coins to it.
If using blockchain.info for the new wallet, do not create a paper backup.
Suggested solution for blockchain.info:
- Generate paper wallet backups in HTML and do not save them in the browser's cache.
Additional problems:
- The email address security@blockchain.info listed on the blockchain.info website does not work. There appears to be no dedicated security contact point.
- I have received numerous email backups automatically without user request.
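
A way to check a browser profile for the history entries described in the problem outline, before and after clearing it; this is an added example, not part of the original report. It assumes Chrome's History file is a SQLite database with a `urls` table and that it is run against a copy of that file; the sample rows and the helper names are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

PREFIX = "data:application/pdf"
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def find_cached_pdf_entries(conn):
    """Return (row id, URL length, last visit UTC) per data: PDF history entry.

    Only metadata is selected; the URL body, which may embed private keys,
    never leaves the database.
    """
    rows = conn.execute(
        "SELECT id, length(url), last_visit_time FROM urls "
        "WHERE lower(substr(url, 1, ?)) = ? ORDER BY last_visit_time",
        (len(PREFIX), PREFIX),
    ).fetchall()
    # Assumption: last_visit_time is microseconds since 1601-01-01 UTC.
    return [(rid, size, WEBKIT_EPOCH + timedelta(microseconds=ts))
            for rid, size, ts in rows]


def build_sample_history():
    """Constructed stand-in for a copy of the profile's History database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, "
                 "title TEXT, last_visit_time INTEGER)")
    conn.executemany(
        "INSERT INTO urls (url, title, last_visit_time) VALUES (?, ?, ?)",
        [
            ("https://blockchain.info/wallet", "Wallet", 13030000000000000),
            # Constructed payload: base64 of the word CONSTRUCTED, no key data.
            ("data:application/pdf;base64,Q09OU1RSVUNURUQ=", "", 13030000060000000),
            ("data:text/html,<p>note</p>", "", 13030000120000000),
        ],
    )
    return conn


if __name__ == "__main__":
    # For a real check, replace with sqlite3.connect(<path to a copy of History>).
    for rid, size, seen in find_cached_pdf_entries(build_sample_history()):
        print(f"history row {rid}: {size}-character PDF data URI, last visited {seen}")
```

An empty result after clearing the browser data indicates the history entries are gone; it says nothing about copies made before the clean-up.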