SlowMist виявляє вразливість Libbitcoin Explorer

Blockchain security agency SlowMist recently unveiled a critical flaw within the Libbitcoin Explorer 3.x library, which has led to the unauthorized withdrawal of more than $900,000 from Біткін (БТК) ентузіастів.

The Libbitcoin Explorer, a preferred choice among developers and validators to establish Bitcoin and other cryptocurrency accounts, appears to be at the heart of the issue. Organizations like Airbitz, Bitprim, Blockchain Commons, and Cancoin are known to utilize Libbitcoin.

Чи знаєте ви?

Хочете стати розумнішими та багатшими за допомогою криптовалют?

Підпишіться – щотижня ми публікуємо нові відео пояснення криптовалют!

The vulnerability, dubbed the “Milk Sad,” came to light through the cybersecurity group “Distrust.” The issue has been flagged on the CEV cybersecurity vulnerability database since August 7th.

The flaw essentially resides in the Libbitcoin Explorer’s key creation protocol. It permits malicious entities to predict private keys, thereby gaining unauthorized access. This vulnerability was already exploited to steal over $900,000 in cryptocurrency, with one transaction draining over 9.7441 BTC, equating to approximately $278,318. 

SlowMist has since taken proactive measures, collaborating with crypto exchanges to “block” the suspect address, thus thwarting the illicit conversion of these stolen funds.

Distrust, joined by an ensemble of freelance cybersecurity experts, has set up a platform dedicated to detailing this vulnerability. Their findings suggest that this flaw emerges when the “bx seed” command gets executed for generating a wallet seed.

This mechanism, reliant on “the Mersenne Twister pseudorandom number generator (PRNG), initialized with 32 bits of system time,” frequently generates identical seeds for different users due to its inadequacy in randomness.

When approached for insight, Eric Voskuil of the Libbitcoin Institute highlighted that the “bx seed” command was chiefly introduced as a tool to “demonstrate behavior that requires entropy” and was never envisioned for production wallets. Recognizing the possible oversight, Voskuil stated:

We’ll likely make some change within the next few days to strengthen the warning against production use, or remove the command altogether.

2023 continues to witness wallet vulnerabilities as a persistent challenge in the crypto realm. An earlier breach in June saw the Atomic Wallet being compromised, leading to a loss exceeding $100 million. With a mere six out of 45 wallet brands currently investing in penetration testing, there’s a pressing need for fortified cybersecurity measures within the crypto community.

• Розповсюдження контенту та PR на основі SEO. Отримайте посилення сьогодні.
• PlatoData.Network Vertical Generative Ai. Додайте собі сили. Доступ тут.
• PlatoAiStream. Web3 Intelligence. Розширення знань. Доступ тут.
• ПлатонЕСГ. Автомобільні / електромобілі, вуглець, CleanTech, Енергія, Навколишнє середовище, Сонячна, Поводження з відходами. Доступ тут.
• PlatoHealth. Розвідка про біотехнології та клінічні випробування. Доступ тут.
• ChartPrime. Розвивайте свою торгову гру за допомогою ChartPrime. Доступ тут.
• BlockOffsets. Модернізація екологічної компенсаційної власності. Доступ тут.
• джерело: https://www.bitdegree.org/crypto/news/slowmist-uncovers-libbitcoin-explorer-vulnerability-leading-to-a-900k-theft