Hackers Exploit Bitcoin Wallet Vulnerability, Make Off With $900K

A crypto security breach has exposed a significant vulnerability within the Libbitcoin Explorer 3.x library, resulting in the illicit withdrawal of more than $900,000 from Bitcoin users’ accounts. The breach was detailed in a recent report by SlowMist, a blockchain security firm.

The targeted software, Libbitcoin Bitcoin Explorer, is a command-line tool extensively employed for various Bitcoin operations, including generating cryptographic keys and overseeing transactions. By sidestepping the requirement for a complete node, the utility facilitates engagement with the Bitcoin network, catering to developers and adept users.

Of particular concern is the widespread reliance on the Libbitcoin Explorer by numerous cryptocurrency wallets for deriving private key entropy. This breach has enabled hackers to covertly syphon substantial sums across multiple blockchains, underscoring the urgency of addressing the vulnerability and reinforcing security measures across the cryptocurrency landscape.

‘Milk Sad’ Loophole Results In Crypto Theft 

The breach was identified by the cybersecurity team Distrust, which dubbed the vulnerability the “Milk Sad” loophole, SlowMist said. The exploited vulnerability within the Libbitcoin Explorer allowed attackers to manipulate its faulty key generation mechanism, effectively enabling them to guess private keys. 

🚨SlowMist Security Alert🚨

Recently, #Distrust discovered a severe vulnerability affecting cryptocurrency wallets using the #Libbitcoin Explorer 3.x versions. This vulnerability allows attackers to access wallet private keys by exploiting the Mersenne Twister pseudo-random…

— SlowMist (@SlowMist_Team) August 10, 2023

This breach, which was reported to the CVE cybersecurity vulnerability database, has resulted in the siphoning of substantial cryptocurrency holdings, with the total stolen amount reaching over $900,000 as of Thursday.

“If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen),” crypto technical writer David Harding wrote on X. 

If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen).

Full details: https://t.co/Crlw63lUr4

— David A. Harding (@hrdng) August 8, 2023

Faulty Seed Subcommand

According to Distrust, the core of the issue lies in a flawed seed subcommand utilized for generating fresh wallet private key entropy. This faulty mechanism results in the production of insecure outputs, leaving cryptocurrency holdings vulnerable to theft.

To illustrate the potential impact, experts liken the situation to securing an online bank account with a password manager that consistently generates the same passwords for multiple users. Exploiting this weakness, malicious actors have managed to drain funds from a range of affected accounts.

Bitcoin (BTC) trading at $29,389 today. Chart: TradingView.com

Distrust’s cautionary findings highlight the alarming drop in security effectiveness, wherein even a high-performance gaming PC can swiftly break through the compromised seeds in under 24 hours.

Though specific wallets impacted by the Libbitcoin vulnerability and the exact extent of cryptocurrency theft remain unconfirmed, evidence suggests that the exploit was operational “in the wild” during June and July of this year.

The investigation underscores the urgency of addressing such vulnerabilities to safeguard the integrity of cryptocurrency transactions and the digital assets they involve.

Featured image from The Tech Panda