Researchers flag security concern for users of certain crypto wallets

Funds in crypto wallets made via Libbitcoin’s Bitcoin Explorer might be at risk or stolen

article-image

Voar Designs/Shutterstock, modified by Blockworks

share

A security flaw was detected in the Libbitcoin Explorer on Thursday.

The Libbitcoin Bitcoin Explorer is a command-line utility for Bitcoin-related operations, such as key generation and transaction management, eliminating the need for a full node. 

It allows developers and proficient users to engage with the Bitcoin network.

On-chain experts mentioned on X (previously Twitter) that many crypto wallets utilize Libbitcoin Explorer for generating private key entropy. 

Now, hackers appear to have discreetly siphoned funds across various blockchains.

“If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen),” bitcoin technical writer David Harding said.

Loading Tweet..

Meanwhile, a crypto researcher from Johns Hopkins, Matthew Green, stated that one should assume every crypto wallet has an entropy flaw.

Researchers Anton Livaja and Ryan Haywood, among others, on Wednesday highlighted the harm caused by a Libbitcoin vulnerability, noting that malicious individuals found and exploited the flaw to siphon money from impacted wallets.

The researchers pointed out that “Mastering Bitcoin,” a guide for developers to understand bitcoin, suggests using a command called “bx seed” for wallet generation. 

This command is used in the Libbitcoin Explorer to generate random numbers for Bitcoin wallet creation and is essential for ensuring wallet security.

But if the tool relies on a frail random number generator, wallet security could plummet from robust standards like 256-bit down to a mere 32-bit, the team said.

If an attacker matches a wallet, they can access its funds and transaction history, regardless of whether the wallet is securely kept offline. The team believes that wallets created with this tool have been compromised and emptied.

The Libbitcoin team disputes the findings.

According to the researchers’ findings, the primary theft took place around July 12, 2023, but initial breaches likely started on a smaller scale in May 2023.

Another related vulnerability in different wallet software was identified in November 2022 and quickly exploited, possibly setting the stage for this recent incident.

Github activity for libbitcoin halted around the time the first suspected bug exploit occurred on the mainnet, according to one developer with a substantial following.

The team hasn’t determined who is responsible for the continuous thefts from compromised wallets.

A list of wallets potentially affected by the vulnerability was not immediately available, however according to MataMask’s Taylor Monahan, popular wallets such as MetaMask, Ledger and Trezor are not affected.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (19).png

Research

Suilend has grown into the top money market and liquid staking provider on Sui. STEAMM, Suilend’s Superfluid AMM, presents a compelling avenue for growing market share within Sui’s DEX landscape and revenue generation for the protocol. Suilend’s multi-product suite position it well for owning market share across key verticals. While current metrics across the Sui ecosystem are likely inflated due to Sui Foundation incentive programs, SEND trades at amongst the lowest multiples in the lend/borrow sector, suggesting that a bull case for continued growth in the ecosystem may be mispriced.

article-image

A Blockworks Research report looked at who could take up some of the marketshare in the launchpad space

article-image

Business-to-business stablecoin payments are on the rise, per a report from Artemis, Dragonfly and Castle Island

article-image

Crypto continues to do its thing: incentivizing behavior

article-image

Kraken will soon offer Backed ‘xStocks’ as Solana tokens

article-image

In a unanimous decision, the US Court of International Trade has ruled that Trump’s IEEPA tariffs are unlawful

article-image

The platform has over $22 million in assets and allows anyone to invest in tokenized real estate