SlowMist обнаружил уязвимость Libbitcoin Explorer


Yet another vulnerability leads to the loss of crypto worth thousands of dollars.

Blockchain security agency SlowMist recently unveiled a critical flaw within the Libbitcoin Explorer 3.x library, which has led to the unauthorized withdrawal of more than $900,000 from Bitcoin (BTC) enthusiasts.

The Libbitcoin Explorer, a preferred choice among developers and validators to establish Bitcoin and other cryptocurrency accounts, appears to be at the heart of the issue. Organizations like Airbitz, Bitprim, Blockchain Commons, and Cancoin are known to utilize Libbitcoin.


The vulnerability, dubbed “Milk Sad,” came to light through the cybersecurity group “Distrust.” The issue has been listed in the CVE vulnerability database since August 7th.

The flaw essentially resides in the Libbitcoin Explorer’s key creation protocol. It permits malicious entities to predict private keys, thereby gaining unauthorized access. This vulnerability was already exploited to steal over $900,000 in cryptocurrency, with one transaction draining over 9.7441 BTC, equating to approximately $278,318. 

SlowMist has since taken proactive measures, collaborating with crypto exchanges to “block” the suspect address, thus thwarting the illicit conversion of these stolen funds.

Distrust, joined by an ensemble of freelance cybersecurity experts, has set up a platform dedicated to detailing this vulnerability. Their findings suggest that this flaw emerges when the “bx seed” command gets executed for generating a wallet seed.

This mechanism, reliant on “the Mersenne Twister pseudorandom number generator (PRNG), initialized with 32 bits of system time,” frequently generates identical seeds for different users: a 32-bit time value supplies far too little entropy for a wallet seed, so users who run the command at the same moment obtain the same seed, and the whole space of possible seeds is small enough to be enumerated.

When approached for insight, Eric Voskuil of the Libbitcoin Institute highlighted that the “bx seed” command was chiefly introduced as a tool to “demonstrate behavior that requires entropy” and was never envisioned for production wallets. Recognizing the possible oversight, Voskuil stated:

We’ll likely make some change within the next few days to strengthen the warning against production use, or remove the command altogether.

2023 continues to witness wallet vulnerabilities as a persistent challenge in the crypto realm. An earlier breach in June saw the Atomic Wallet being compromised, leading to a loss exceeding $100 million. With a mere six out of 45 wallet brands currently investing in penetration testing, there’s a pressing need for fortified cybersecurity measures within the crypto community.

Джайл is a market sentiment analyst who understands which public events can trigger which emotions. Her experience studying Web3 news and public market communications, including cryptocurrency news reports, PR, and social media feeds, is central to her role in leading the Crypto News editorial team.
As a savvy public relations professional, she and the team aim to separate genuine patterns from fake news and to deliver their findings to anyone seeking unbiased news and events from the FinTech markets. Her expertise lies in bringing the latest reliable and informative Web3 announcements to a broad audience.
When she is not investigating the credibility of major stories, she spends her time enjoying the view from her terrace and carefully tending to her surroundings.

