Researchers flag security concern for users of certain crypto wallets

Funds in crypto wallets made via Libbitcoin’s Bitcoin Explorer might be at risk or stolen

article-image

Voar Designs/Shutterstock, modified by Blockworks

share

A security flaw was detected in the Libbitcoin Explorer on Thursday.

The Libbitcoin Bitcoin Explorer is a command-line utility for Bitcoin-related operations, such as key generation and transaction management, eliminating the need for a full node. 

It allows developers and proficient users to engage with the Bitcoin network.

On-chain experts mentioned on X (previously Twitter) that many crypto wallets utilize Libbitcoin Explorer for generating private key entropy. 

Now, hackers appear to have discreetly siphoned funds across various blockchains.

“If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen),” bitcoin technical writer David Harding said.

Loading Tweet..

Meanwhile, a crypto researcher from Johns Hopkins, Matthew Green, stated that one should assume every crypto wallet has an entropy flaw.

Researchers Anton Livaja and Ryan Haywood, among others, on Wednesday highlighted the harm caused by a Libbitcoin vulnerability, noting that malicious individuals found and exploited the flaw to siphon money from impacted wallets.

The researchers pointed out that “Mastering Bitcoin,” a guide for developers to understand bitcoin, suggests using a command called “bx seed” for wallet generation. 

This command is used in the Libbitcoin Explorer to generate random numbers for Bitcoin wallet creation and is essential for ensuring wallet security.

But if the tool relies on a frail random number generator, wallet security could plummet from robust standards like 256-bit down to a mere 32-bit, the team said.

If an attacker matches a wallet, they can access its funds and transaction history, regardless of whether the wallet is securely kept offline. The team believes that wallets created with this tool have been compromised and emptied.

The Libbitcoin team disputes the findings.

According to the researchers’ findings, the primary theft took place around July 12, 2023, but initial breaches likely started on a smaller scale in May 2023.

Another related vulnerability in different wallet software was identified in November 2022 and quickly exploited, possibly setting the stage for this recent incident.

Github activity for libbitcoin halted around the time the first suspected bug exploit occurred on the mainnet, according to one developer with a substantial following.

The team hasn’t determined who is responsible for the continuous thefts from compromised wallets.

A list of wallets potentially affected by the vulnerability was not immediately available, however according to MataMask’s Taylor Monahan, popular wallets such as MetaMask, Ledger and Trezor are not affected.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report - cover graphics (1).jpg

Research

In this report, we dive into crypto private market data to gather insights on where the future of the industry is headed. Despite a notable downturn in private raises, capital continues to infuse promising projects that aim to transform payments, banking, consumer experiences, community, and more, with 2023 being the fourth-largest year for crypto venture capital.

article-image

BUZZ holds shares of Coinbase, Robinhood and MicroStrategy

article-image

Opinion: Even though I didn’t pay for my “Diamond Hands” burger with BTC, don’t let that fool you into thinking that crypto’s development is futile

article-image

The results mark “a major positive inflection point,” one analyst says, as the exchange carries net income momentum into a crypto rally

article-image

While the slate of 10 US spot bitcoin funds have tallied $4.6 billion of net inflows thus far, half of the field is lagging the leaders

article-image

Trading volumes totalled $154 billion in Q4, including $125 billion in institutional volume

article-image

DeFi on Bitcoin is all the rage right now and Stacks is positioned to benefit