Hackers stole over $900,000 through bitcoin wallet utility vulnerability

Distrust experts have discovered a critical vulnerability in Libbitcoin Explorer, a console utility for cryptocurrency wallets, that allows attackers to obtain seed phrases and steal funds. As of August, losses from its exploitation are estimated at more than $900,000.

Libbitcoin Explorer eliminates the need to access a full Bitcoin blockchain node to perform various operations, including generating private keys and managing transactions.

Bitcoin address marked as high-risk by the MistTrack platform. Data: X.

The bug affects versions 3.0.0 to 3.6.0 of the utility and is related to its pseudo-random number generator (PRNG).

As researchers Anton Livaja and Ryan Heywood explained, Libbitcoin Explorer uses the “bx seed” command to generate random numbers when creating a bitcoin wallet. However, the tool relies on a weak algorithm, which reduces the entropy from 256 bits to 32 bits. This potentially allows attackers to crack users' private keys within days.

“If you have created a wallet using Libbitcoin’s Bitcoin Explorer, your funds are at risk (or have already been stolen),” said technical expert David Harding.

The main theft occurred around July 12, 2023, but the initial break-ins likely began in May, according to the researchers' findings. As of August, over $900,000 in Bitcoin, Ethereum, XRP, Dogecoin, Solana, Litecoin, Bitcoin Cash and Zcash has been stolen. The party responsible for the thefts from the hacked wallets has not yet been identified.

The list of potentially vulnerable bitcoin wallets has not been published, although their total number is said to possibly exceed 2,600. According to experts, MetaMask, Ledger and Trezor were not affected.

The Libbitcoin team disputed the researchers' findings, arguing that users should not have resorted to the "bx seed" command, as many documents flag it as inappropriate for securely creating a wallet.

Users of affected versions of Libbitcoin Explorer were urged to transfer funds to secure addresses using a proven method of generating random numbers to create wallets.
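
The entropy reduction described above, as an added Python illustration (not code from Libbitcoin or the researchers): it models a generator whose seed is only 32 bits wide and shows that a 256-bit value produced from it can take no more distinct values than there are seeds, next to a draw from the operating system's CSPRNG. The use of Python's `random` module as the stand-in PRNG, the function names and the sample seed values are assumptions made for the example.

```python
import random
import secrets

SEED_BITS = 32      # seed width the article attributes to the weak generator
OUTPUT_BITS = 256   # amount of wallet entropy the user believes they are getting


def weak_entropy(seed_value: int, nbytes: int = OUTPUT_BITS // 8) -> bytes:
    """Assumed model, not bx's code: a deterministic PRNG that keeps only the
    low 32 bits of its seed and stretches them into nbytes of output."""
    rng = random.Random(seed_value & (2**SEED_BITS - 1))
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def strong_entropy(nbytes: int = OUTPUT_BITS // 8) -> bytes:
    """Every output bit comes from the operating system's CSPRNG."""
    return secrets.token_bytes(nbytes)


def effective_bits(seed_bits: int, output_bits: int) -> int:
    """A deterministic generator cannot emit more distinct outputs than it
    has seeds, so the shorter of the two widths bounds the real entropy."""
    return min(seed_bits, output_bits)


def distinct_outputs(seed_values) -> int:
    """Count how many different 256-bit values a set of seeds really yields."""
    return len({weak_entropy(s) for s in seed_values})


# Constructed sample: 1000 seed values that differ only above bit 31.
CONSTRUCTED_SEEDS = [123456789 + k * 2**32 for k in range(1000)]

if __name__ == "__main__":
    print("distinct outputs from 1000 wide seeds:",
          distinct_outputs(CONSTRUCTED_SEEDS))
    print("effective entropy (bits):", effective_bits(SEED_BITS, OUTPUT_BITS))
    print("weak  :", weak_entropy(CONSTRUCTED_SEEDS[0]).hex())
    print("strong:", strong_entropy().hex())
```

The output length does not matter here: the 32-byte value looks like 256 bits of randomness, but it is fully determined by the 32-bit seed.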
 