A cryptographic security breach exposed a major security vulnerability within the Libbitcoin Explorer 3.x library, resulting in the withdrawal of more than $900,000 from Bitcoin users’ accounts. The breach was detailed in a recent report by SlowMist, a blockchain security firm.
The targeted software, Libbitcoin Bitcoin Explorer, is a widely used command-line tool for many Bitcoin operations, including generating cryptographic keys and overseeing transactions. By avoiding full node requirements, the tool makes it easy to share with the Bitcoin network, catering to the needs of savvy developers and users.
Of particular concern is the widespread reliance on Libbitcoin Explorer by many cryptocurrency wallets for deriving private key entropy. This hack enabled hackers to steal large sums of money across multiple blockchains, underscoring the urgent need to address the vulnerability and strengthen security measures across the cryptocurrency landscape.
‘Sad Milk’ vulnerability leads to cryptocurrency theft
The breach was identified by the No Trust cybersecurity team, who named the vulnerability “Milk Sad” exploit, SlowMist said. The exploited vulnerability in Libbitcoin Explorer allowed attackers to manipulate the faulty key generation mechanism, effectively enabling them to guess private keys.
“SlowMist Security Alert”
newly, #Distrust Discover a serious vulnerability affecting cryptocurrency wallets using # Libitcoin 3.x Explorer versions. This vulnerability allows attackers to access wallet private keys through a pseudo-random Mersenne Twister exploit…
– SlowMist (SlowMist_Team) August 10, 2023
This breach has been reported Countering Violent Extremism Cyber Vulnerabilities Databasedraining large cryptocurrency holdings, with the total amount stolen reaching more than $900,000 as of Thursday.
“If you create a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the addon for Mastering Bitcoin, your funds are at risk (or actually stolen),” a cryptocurrency tech writer David Harding wrote on X.
If you create a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the Bitcoin Mastering addendum, your funds are at risk (or actually stolen).
Full details: https://t.co/Crlw63lUr4
– David A Harding (@hrdng) August 8, 2023
Defective sub-command of seeds
According to the uncertainty, the core of the problem lies in a faulty subcommand that is used to generate the entropy of a new private key for the wallet. This faulty mechanism produces insecure outputs, making cryptocurrency holdings vulnerable to theft.
To illustrate the potential impact, experts liken the situation to securing an online bank account with a password manager that constantly generates the same passwords for multiple users. By exploiting this vulnerability, malicious actors were able to drain funds from a group of affected accounts.
Bitcoin (BTC) trading at $29,389 today. Chart: TradingView.com
The warning results of mistrust highlight the alarming decline in security effectiveness, as even a high-performance gaming PC can quickly hack a hacked seed in less than 24 hours.
Although the specific wallets affected by the Libbitcoin vulnerability and the exact extent of the cryptocurrency theft remain uncertain, evidence is suggestive. to exploit She was operating “in the wild” during June and July of this year.
The investigation underscores the urgent need to address these vulnerabilities to protect the integrity of cryptocurrency transactions and the digital assets involved.
Featured image from Tech Panda