ForkLog

Hackers stole over $900,000 via vulnerability in a Bitcoin-wallet utility

Experts at Distrust discovered a critical vulnerability in the Libbitcoin Explorer command-line utility for cryptocurrency wallets, which allows attackers to access seed phrases and steal funds. As of August, the damage from its exploitation is estimated at more than $900,000.

Libbitcoin Explorer eliminates the need to access a full Bitcoin blockchain node to carry out various operations, including generating private keys and managing transactions.

Bitcoin address marked as high-risk by MistTrack. Data: X.

The bug affects versions 3.0.0 through 3.6.0 of the utility and is linked to the pseudorandom number generator (PRNG).

As researchers Anton Livaja and Ryan Heywood explained, Libbitcoin Explorer uses the ‘bx seed’ command to generate random numbers when creating a Bitcoin wallet. However, if the tool relies on a weak algorithm, the effective entropy drops from 256 bits to 32 bits. This could allow attackers to crack users’ private keys within days.
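The entropy collapse described above, as an added illustration that is not Libbitcoin's code or the researchers' code: a hypothetical generator whose 256-bit output depends only on a 32-bit value, next to one that draws 256 bits from the operating system's CSPRNG. The generator, the function names, the sample seed value and the rate of 10,000 candidates per second are assumptions made for the example.

```python
import random
import secrets

SEED_BITS = 32      # effective entropy reported for the affected versions
OUTPUT_BYTES = 32   # length of a 256-bit wallet seed


def weak_wallet_seed(prng_seed: int) -> bytes:
    """Hypothetical stand-in for a flawed generator (not Libbitcoin's code):
    a non-cryptographic PRNG whose whole state derives from a 32-bit value."""
    rng = random.Random(prng_seed & (2**SEED_BITS - 1))
    return bytes(rng.getrandbits(8) for _ in range(OUTPUT_BYTES))


def strong_wallet_seed() -> bytes:
    """Hardened form: 256 bits drawn directly from the OS CSPRNG."""
    return secrets.token_bytes(OUTPUT_BYTES)


def distinct_outputs(seed_space_bits: int) -> int:
    """Count the distinct 256-bit outputs reachable from a seed space."""
    return len({weak_wallet_seed(s) for s in range(2**seed_space_bits)})


def days_to_enumerate(bits: int, candidates_per_second: float) -> float:
    """Time to walk every value of a `bits`-bit space at an assumed rate."""
    return 2**bits / candidates_per_second / 86_400


if __name__ == "__main__":
    # The output is 256 bits long, but it is a pure function of the seed:
    # the same constructed seed value always yields the same wallet seed.
    assert weak_wallet_seed(123_456_789) == weak_wallet_seed(123_456_789)
    # Reduced 12-bit space so the count finishes instantly; the number of
    # possible wallet seeds equals the number of PRNG seeds, not 2**256.
    print("distinct outputs from a 12-bit seed space:", distinct_outputs(12))
    # Assumed rate of 10,000 candidates/s (constructed figure, not measured).
    print("32-bit space:  %.1f days" % days_to_enumerate(32, 10_000))
    print("256-bit space: %.1e days" % days_to_enumerate(256, 10_000))
    print("CSPRNG seed:", strong_wallet_seed().hex())
```

The length of the output says nothing about its strength: only the size of the space the generator's state was drawn from does, which is why the safe path reads all 256 bits from the operating system.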

“If you created a wallet with Libbitcoin’s Bitcoin Explorer, your funds are at risk (or already stolen),” noted technical expert David Harding.

According to the researchers’ findings, the main theft occurred roughly on July 12, 2023, but the initial intrusions likely began in May. As of August, more than $900,000 had been stolen across Bitcoin, Ethereum, XRP, Dogecoin, Solana, Litecoin, Bitcoin Cash and Zcash. No suspect has yet been identified.

The list of potentially vulnerable Bitcoin wallets has not been published, although it is noted that their total number may exceed 2,600. According to experts, MetaMask, Ledger and Trezor were not affected.

Libbitcoin’s team disputed the researchers’ conclusions, arguing that users should not have resorted to the ‘bx seed’ command, as it is marked as unsuitable for secure wallet creation in many documents.

Users of vulnerable Libbitcoin Explorer versions were urged to move funds to safe addresses, using a trusted method for generating random numbers to create wallets. Earlier ForkLog published an article about the main vulnerabilities of cryptocurrency wallets.
