A Vulnerability in Libbitcoin Explorer 3.x Library Leads to the Theft of $900,000 from Bitcoin Users
A vulnerability in the Libbitcoin Explorer 3.x library has resulted in the theft of over $900,000 from Bitcoin users. The issue was reported by blockchain security firm SlowMist.
Key Points:
- The vulnerability affects cryptocurrency wallets that use Libbitcoin Explorer 3.x versions.
- Attackers can access wallet private keys by exploiting the Mersenne Twister pseudo-random number generator.
- Other digital currencies like Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash, and Zcash, which employ Libbitcoin, may also be affected.
- The vulnerability involves a faulty key generation mechanism in the Libbitcoin Explorer, allowing attackers to guess private keys.
- Over $900,000 worth of cryptocurrencies have been stolen through this vulnerability.
The cybersecurity team “Distrust” discovered the vulnerability and reported it to the CVE cybersecurity vulnerability database. SlowMist claims to have blocked the attacker’s address to prevent the funds from being cashed out.
The vulnerability occurs when users generate a wallet seed using the “bx seed” command. Insufficient randomness in the command’s implementation can produce the same seed for multiple users. Eric Voskuil, a member of the Libbitcoin Institute, mentioned changes may be made to strengthen the warning against using the “bx seed” command.
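The failure mode described above, as an added Python example (not code from Libbitcoin or from this article): a Mersenne Twister seeded from a small value hands the same wallet seed to every user who hits the same seed value, while the operating system CSPRNG does not. Python's `random.Random` is a Mersenne Twister; the 32-bit clock-derived seeding, the function names and the sample clock values are assumptions made for illustration.

```python
import random
import secrets

SEED_BITS = 32  # assumption: width of the value used to seed the PRNG


def weak_wallet_seed(clock_value: int, nbytes: int = 32) -> bytes:
    """Vulnerable pattern: Mersenne Twister seeded from a small clock value."""
    rng = random.Random(clock_value & ((1 << SEED_BITS) - 1))  # MT19937
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def strong_wallet_seed(nbytes: int = 32) -> bytes:
    """Corrected pattern: bytes drawn from the operating system CSPRNG."""
    return secrets.token_bytes(nbytes)


def distinct_seeds(users: int, clock_ticks: int) -> tuple[int, int]:
    """Count unique seeds when `users` wallets are created within a window of
    `clock_ticks` clock values (constructed data, not real timestamps)."""
    base = 1_690_000_000  # constructed starting clock value
    weak = {weak_wallet_seed(base + (u % clock_ticks)) for u in range(users)}
    strong = {strong_wallet_seed() for _ in range(users)}
    return len(weak), len(strong)


if __name__ == "__main__":
    weak, strong = distinct_seeds(users=1000, clock_ticks=256)
    print(f"weak generator:   {weak} unique seeds for 1000 users")
    print(f"strong generator: {strong} unique seeds for 1000 users")
    # Asking for more bytes adds no entropy: the longer seed only extends
    # the same deterministic stream.
    same_prefix = weak_wallet_seed(7, 32)[:16] == weak_wallet_seed(7, 16)
    print("32-byte seed extends the 16-byte seed:", same_prefix)
```

The number of unique weak seeds is capped by the number of distinct seeding values, not by the length of the output, which is why a 256-bit wallet seed from such a generator carries far less than 256 bits of entropy.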
Wallet vulnerabilities continue to be a problem for crypto users. In June, over $100 million was lost in a hack of the Atomic Wallet. According to wallet security rankings, only six out of 45 wallet brands employ penetration testing to discover vulnerabilities.