This affects users of the Alethzero GUI client on Windows. Users of the eth CLI client or those not on the Windows platform are unlikely to be affected, but should take the steps below. Frontier geth CLI users are not affected.
Description of the problem: When setting privacy permissions on the key directory, insufficient error handling can cause key files not to be written; this may be widespread on the Windows platform. As such, current versions of AlethZero and eth may include identities for which there is no underlying key. AlethZero’s Ether pre-sale claim functionality may result in funds being automatically transferred to these lost identities.
Workaround: Users of AlethZero version 0.9.39 and earlier should NOT use the “Claim Presale Wallet” feature; Users of AlethZero and eth versions 0.9.39 and earlier should not attempt to mine or receive funds at their addresses.
Users of eth and AlethZero on all platforms should consider themselves secure once they have confirmed that they do indeed have the underlying key. To verify (with your existing configuration) run:
ethkey.exe –list
You can assume that all addresses listed have a key behind them and do not suffer from this problem.
Corrective Action Taken by Ethereum: New hotfix released with changes:
Arrange: Versions 0.9.40 and later, available from 07/08/2015 at 18:30 CEST.