Crypto Security Breach: Hackers Exploit Bitcoin Wallet Vulnerability, Make Off With $900K

Must read

On-chain Investigator Teases Truth Bombshell That Will ‘Amaze’ Crypto Community

In a cryptic announcement that has caught the attention of the crypto Twitter community, a popular on-chain investigator has promised to reveal hidden...

Cardano Founder Hails Argentina’s New President As “Perfect”

Charles Hoskinson, the founder of Cardano, a smart contract platform, is endorsing Argentina’s newly elected president, Javier Milei, describing the leader as “perfect”...

Shiba Inu Burn Rate Explodes 499,416%, Can This Send SHIB To $0.1?

Sign Up for Our Newsletter! For updates and exclusive offers...

Binance’s Ex-CEO Changpeng Zhao Restricted To US, Travel Ban Imposed

According to a Reuters report, former Binance CEO Changpeng Zhao, commonly known as CZ, must remain in the United States for the time...

A crypto security breach has exposed a significant vulnerability within the Libbitcoin Explorer 3.x library, resulting in the illicit withdrawal of more than $900,000 from Bitcoin users’ accounts. The breach was detailed in a recent report by SlowMist, a blockchain security firm.

The targeted software, Libbitcoin Bitcoin Explorer, is a command-line tool extensively employed for various Bitcoin operations, including generating cryptographic keys and overseeing transactions. By sidestepping the requirement for a complete node, the utility facilitates engagement with the Bitcoin network, catering to developers and adept users.

Of particular concern is the widespread reliance on the Libbitcoin Explorer by numerous cryptocurrency wallets for deriving private key entropy. This breach has enabled hackers to covertly syphon substantial sums across multiple blockchains, underscoring the urgency of addressing the vulnerability and reinforcing security measures across the cryptocurrency landscape.

‘Milk Sad’ Loophole Results In Crypto Theft 

The breach was identified by the cybersecurity team Distrust, which dubbed the vulnerability the “Milk Sad” loophole, SlowMist said. The exploited vulnerability within the Libbitcoin Explorer allowed attackers to manipulate its faulty key generation mechanism, effectively enabling them to guess private keys. 

🚨SlowMist Security Alert🚨

Recently, #Distrust discovered a severe vulnerability affecting cryptocurrency wallets using the #Libbitcoin Explorer 3.x versions. This vulnerability allows attackers to access wallet private keys by exploiting the Mersenne Twister pseudo-random…

— SlowMist (@SlowMist_Team) August 10, 2023

This breach, which was reported to the CVE cybersecurity vulnerability database, has resulted in the siphoning of substantial cryptocurrency holdings, with the total stolen amount reaching over $900,000 as of Thursday.

“If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen),” crypto technical writer David Harding wrote on X

If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen).

Full details: https://t.co/Crlw63lUr4

— David A. Harding (@hrdng) August 8, 2023

Faulty Seed Subcommand

According to Distrust, the core of the issue lies in a flawed seed subcommand utilized for generating fresh wallet private key entropy. This faulty mechanism results in the production of insecure outputs, leaving cryptocurrency holdings vulnerable to theft.

To illustrate the potential impact, experts liken the situation to securing an online bank account with a password manager that consistently generates the same passwords for multiple users. Exploiting this weakness, malicious actors have managed to drain funds from a range of affected accounts.

Bitcoin (BTC) trading at $29,389 today. Chart: TradingView.com

Distrust’s cautionary findings highlight the alarming drop in security effectiveness, wherein even a high-performance gaming PC can swiftly break through the compromised seeds in under 24 hours.

Though specific wallets impacted by the Libbitcoin vulnerability and the exact extent of cryptocurrency theft remain unconfirmed, evidence suggests that the exploit was operational “in the wild” during June and July of this year.

The investigation underscores the urgency of addressing such vulnerabilities to safeguard the integrity of cryptocurrency transactions and the digital assets they involve.

Featured image from The Tech Panda

More articles

Latest article

On-chain Investigator Teases Truth Bombshell That Will ‘Amaze’ Crypto Community

In a cryptic announcement that has caught the attention of the crypto Twitter community, a popular on-chain investigator has promised to reveal hidden...

Cardano Founder Hails Argentina’s New President As “Perfect”

Charles Hoskinson, the founder of Cardano, a smart contract platform, is endorsing Argentina’s newly elected president, Javier Milei, describing the leader as “perfect”...

Shiba Inu Burn Rate Explodes 499,416%, Can This Send SHIB To $0.1?

Sign Up for Our Newsletter! For updates and exclusive offers...

Binance’s Ex-CEO Changpeng Zhao Restricted To US, Travel Ban Imposed

According to a Reuters report, former Binance CEO Changpeng Zhao, commonly known as CZ, must remain in the United States for the time...

Bitcoin Whale Inflow Activity On The Rise: Something To Watch For?

On-chain data shows the Bitcoin whale exchange inflow activity has been increasing recently, a sign that may not be positive for the price....