Fun

News Feed - 2023-08-11 03:08:00

Tom Blackstone5 hours agoNewly discovered Bitcoin wallet loophole let hackers steal $900K — SlowMistA series of attacks drained the wallets of BTC users by exploiting a faulty random seed generation algorithm.2038 Total views9 Total sharesListen to article 0:00NewsJoin us on social networksA newly discovered vulnerability in the Libbitcoin Explorer 3.x library has allowed over $900,000 to be stolen from Bitcoin users, according to a report from blockchain security firm SlowMist. The vulnerability can also affect users of Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash and Zcash who use Libbitcoin to generate accounts.SlowMist Security Alert

Recently, #Distrust discovered a severe vulnerability affecting cryptocurrency wallets using the #Libbitcoin Explorer 3.x versions. This vulnerability allows attackers to access wallet private keys by exploiting the Mersenne Twister pseudo-random…— SlowMist (@SlowMist_Team) August 10, 2023


Libbitcoin is a Bitcoin wallet implementation that developers and validators sometimes use to create Bitcoin (BTC) and other cryptocurrency accounts. According to its official website, it is used by “Airbitz (mobile wallet), Bitprim (developer interface), Blockchain Commons (decentralized wallet identity), Cancoin (decentralized exchange)” and other applications. SlowMist did not specify which applications that use Libbitcoin, if any, are affected by the vulnerability.


SlowMist identified cybersecurity team “Distrust" as the team that originally discovered the loophole, which is called the “Milk Sad” vulnerability. It was reported to the CEV cybersecurity vulnerability database on Aug. 7.


According to the post, the Libbitcoin Explorer has a faulty key generation mechanism, allowing private keys to be guessed by attackers. As a result, attackers exploited this vulnerability to steal over $900,000 worth of crypto as of Aug. 10.


SlowMist emphasized that one attack in particular siphoned away over 9.7441 BTC (approximately $278,318). The firm claims to have “blocked” the address, implying that the team has contacted exchanges to prevent the attacker from cashing out the funds. The team also stated that it will be monitoring the address in case funds are moved elsewhere.


Four members of the Distrust team, along with eight freelance security consultants who claim to have helped discover the vulnerability, have set up an informational website explaining the vulnerability. They explained that the loophole is created when users employ the “bx seed” command to generate a wallet seed. This command “uses the Mersenne Twister pseudorandom number generator (PRNG) initialized with 32 bits of system time,” which lacks sufficient randomness and therefore sometimes produces the same seed for multiple persons.Bx seed command producing the same seed twice. Source: Milk Sad information site


The researchers claim to have discovered the vulnerability when they were contacted by a Libbitcoin user whose BTC had mysteriously gone missing on July 21. When the user reached out to other Libbitcoin users to try to determine how the BTC could have gone missing, the person found that other users were also having their BTC siphoned away.


Cointelegraph reached out to Libbitcoin Institute member Eric Voskuil for comment. In response, Voskuil stated that the bx seed command "is provided as a convenience for when the tool is used to demonstrate behavior that requires entropy" and is not intended to be used in production wallets. "If people did in fact use it for production key seeding (as opposed to rolling dice for example) then the warning is insufficient," Voskuil stated. In that case, "We"ll likely make some change within the next few days to strengthen the warning against production use, or remove the command altogether."


Wallet vulnerabilities continue to pose a problem for crypto users in 2023. Over $100 million was lost in a hack of the Atomic Wallet in June, which was acknowledged by the app’s team on June 22. Cybersecurity certification platform CER released its wallet security rankings in July, noting that only six out of 45 wallet brands employ penetration testing to discover vulnerabilities.


Update (Aug. 10 20:51 UTC): This article has been updated to include a comment from Eric Voskuil.# Bitcoin# Blockchain# Bitcoin Wallet# Wallet# Mobile Wallet# Hot walletAdd reactionAdd reactionRelated NewsHow to send and receive payments on the Lightning NetworkBlackRock’s misguided effort to create ‘Crypto for Dummies’What will Bitcoin do if the Justice Department takes aim at Binance?

News Feed
G20 Finance Chiefs Widely Recognize Crypto Poses Major Financial Stability Risks, Says Indian Central Bank Governor
G20 Finance Chiefs Widely Recognize Crypto Poses Major Financial Stability Risks, Says Indian Central Bank Governor The G20 finance ministers and central bank governors recognize t
2023-02-28 12:30 PM
Tron network leads in stablecoin market share amid growing monthly transfer volume
Nancy Lubale2 hours agoTron network leads in stablecoin market share amid growing monthly transfer volumeTron’s share of the stablecoin market continues to grow as the network’s adjusted transfer volume in USDT hit $
2024-08-17 06:08 AM
India’s Digital Currency to Take ‘Very Calibrated, Graduated’ Approach, Says RBI Deputy Governor
India"s Digital Currency to Take "Very Calibrated, Graduated" Approach, Says RBI Deputy Governor Reserve Bank of India (RBI) Deputy Governor T. Rabi Sankar has outlined the implica
2022-04-09 12:30 PM
Sky Mavis Raises $150 Million in Financing Round Led by Binance to Refund Users Affected by the Ronin Bridge Exploit
Sky Mavis Raises $150 Million in Financing Round Led by Binance to Refund Users Affected by the Ronin Bridge Exploit Sky Mavis, the company behind the play-to-earn (P2E) game Axie
2022-04-09 16:30 PM
Bitcoin turns bullish after the halving — Will BNB, NEAR, MNT and RNDR follow?
Rakesh Upadhyay4 hours agoBitcoin turns bullish after the halving — Will BNB, NEAR, MNT and RNDR follow?Bitcoin surprised traders with a strong rebound after the halving, possibly setting a bullish path for BNB, NEAR,
2024-04-22 04:17 AM
Bitcoin, Ethereum Technical Analysis: BTC Hits $48,000 as ETH Nears January High of $3,500 
Bitcoin, Ethereum Technical Analysis: BTC Hits $48,000 as ETH Nears January High of $3,500  Bitcoin briefly hit a high above $48,000 on Tuesday, as prices of the world’s la
2022-03-29 22:45 PM
Ghanaian Startup Bitsika Africa Processed $40 Million in Crypto Remittances in 2020, up 3,900% Year-on-Year
Ghanaian Startup Bitsika Africa Processed $40 Million in Crypto Remittances in 2020, up 3,900% Year-on-Year Bitsika Africa, a crypto startup operating out of Gha
2021-01-05 10:30 AM
Famed Economist Doubts Bitcoin Will Become Global Currency
Famed Economist Doubts Bitcoin Will Become Global Currency Mohamed El-Erian, chief economic advisor at financial services company Allianz, says that bitcoin is not going to be a gl
2021-11-18 11:30 AM
North Korean hackers deploy ‘Durian’ malware, targeting crypto firms
Tom Mitchelhill6 hours agoNorth Korean hackers deploy ‘Durian’ malware, targeting crypto firmsThe state-backed North Korean hacking group Kimsuky reportedly used a new malware variant to target at least two South Kor
2024-05-13 11:20 AM
Bitcoin Held on Trading Platforms Continues to Drop Lower, Over 68% of the Total Held by 5 Exchanges
Bitcoin Held on Trading Platforms Continues to Drop Lower, Over 68% of the Total Held by 5 Exchanges Amid the market carnage tied to Terra’s recent fallout, bitcoin sent to
2022-05-23 01:00 AM
Ana Paula Pereira6 hours agoTerraform Labs seeks access to FTX wallets in fraud defenseTerraform filed a motion to access information from wallets used by short sellers during the collapse of its algorithmic stablecoin i
2023-07-21 02:53 AM
Ana Paula Pereira4 hours agoTokenization is “securitization done on steroids" — Franklin Templeton CEOSpeaking at CNBC’s Delivering Alpha event, Jenny Johnson discussed how digital assets are disrupting securi
2023-10-02 04:40 AM