Security Warning 1 (windows+alethzero) | Ethereum Foundation Blog

This affects users of the Alethzero GUI client on Windows. Users of the eth CLI client or non-Windows platforms are unlikely to be affected but should take action detailed below. Frontier command line interface geth users are not affected..

Problem Description: Insufficient error handling while setting privacy permissions on the key directory may result in the key file not being written. This may be prevalent on Windows platforms. Therefore, current versions of AlethZero and eth may contain IDs without a primary key. AlethZero’s Ether Presale Claim feature allows funds to be automatically transferred to the lost identity.

Resolution: Users of AlethZero versions 0.9.39 and below should not use the “Claim Presale Wallet” feature. Users with AlethZero and eth versions 0.9.39 and below should not attempt to mine or receive funds to their addresses.

Users of eth and AlethZero on all platforms should feel safe once they have verified that they actually have a primary key. To check (with existing settings), run:

ethkey.exe –list

You can assume that all addresses listed actually have keys and this problem does not occur.

Improvement measures taken by Ethereum: A new hotfix with changes has been released.

fix: Version 0.9.40 or higher, available from 2015.08.07 18:30 CEST.