This impacts users of the Alethzero graphical user interface on Windows. Those utilizing the eth command line interface or not operating on the Windows platform are improbable to be impacted but should implement the measures outlined below. Users of the Frontier command line tool geth remain unaffected.
Description of the issue: While configuring privacy permissions for the keys directory, inadequate error management might lead to the key files not being recorded; this could be prevalent on the Windows platform. Consequently, current iterations of AlethZero and eth may contain identities for which there is no corresponding key. The Ether Presale Claim feature of AlethZero may lead to funds being unintentionally redirected to these nonexistent identities.
Alternative solution: Individuals using AlethZero version 0.9.39 and previous iterations should refrain from utilizing the “Claim Presale Wallet” feature; those on AlethZero and eth versions 0.9.39 and prior should avoid mining or receiving funds into their addresses.
Users of eth and AlethZero across all platforms should consider themselves secure once they have verified possession of the appropriate key. To ascertain this (using your current configuration), execute:
ethkey.exe –list
You can trust that all displayed addresses indeed possess a key associated with them and are not affected by this issue.
Corrective measures implemented by Ethereum: A new hotfix has been issued including modifications:
Solution: Versions 0.9.40 and subsequent, available from approximately 2015.08.07 18:30 CEST.