A significant vulnerability in the Libbitcoin Explorer, a console utility for managing cryptocurrency wallets, has been exploited by hackers, resulting in over $900,000 in estimated damages as of August. The exploit allows attackers to gain access to seed phrases and abscond with funds.
The Libbitcoin Explorer is designed to streamline operations like transaction management and private key generation, reducing the necessity for full blockchain node access.
The flaw affects versions 3.0.0 to 3.6.0 and lies in the pseudo-random number generator (PRNG). Weak algorithms reduce the effective entropy of generated seeds from 256 bits to 32 bits, potentially allowing user private keys to be compromised within days.
Researchers noted that the primary breach occurred around July 12, 2023, with initial attacks likely beginning in May. By August, the stolen assets included Bitcoin, Ethereum, XRP, Dogecoin, Solana, Litecoin, Bitcoin Cash, and Zcash, totaling more than $900,000. The culprits remain unidentified.
While the full list of affected wallets isn’t public, experts believe the number could exceed 2600. It’s worth mentioning that MetaMask, Ledger, and Trezor remain unaffected.
Libbitcoin’s team contested these findings, stating that users should avoid the “bx seed” command due to its insecurity for wallet creation.
Users of compromised Libbitcoin Explorer versions are strongly advised to move their funds to secure addresses using established methods for generating random numbers during wallet creation.
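The entropy collapse described above, and the contrast with an established random source recommended for new wallets, can be seen in a short added example (not Libbitcoin's code). Python's `random.Random` is used only as a stand-in for a non-cryptographic PRNG seeded with 32 bits, and the function names and the guess rate are assumptions made for illustration.

```python
import random
import secrets

SEED_BYTES = 32  # 256 bits, the entropy size the article says was expected


def weak_entropy(seed32: int, nbytes: int = SEED_BYTES) -> bytes:
    """Stand-in for a flawed generator: every output byte derives from a
    seed of at most 32 bits, however long the output is."""
    rng = random.Random(seed32 & 0xFFFFFFFF)  # non-cryptographic PRNG
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def strong_entropy(nbytes: int = SEED_BYTES) -> bytes:
    """Wallet entropy drawn from the operating system CSPRNG."""
    return secrets.token_bytes(nbytes)


def distinct_outputs(seed_bits: int) -> int:
    """Count the distinct 256-bit values the weak generator can emit when
    its seed has only seed_bits bits (kept small so this runs quickly)."""
    return len({weak_entropy(s) for s in range(2 ** seed_bits)})


def exhaustive_days(entropy_bits: int, guesses_per_second: float) -> float:
    """Worst-case days needed to enumerate a space of 2**entropy_bits."""
    return (2 ** entropy_bits) / guesses_per_second / 86400


if __name__ == "__main__":
    # Same seed, same "random" wallet entropy: the output is fully determined.
    print(weak_entropy(1234).hex() == weak_entropy(1234).hex())
    # A 256-bit output can take at most 2**seed_bits values.
    print("distinct outputs for a 10-bit seed:", distinct_outputs(10))
    # 10,000 guesses per second is an assumed rate, not a measurement.
    print("32-bit space, days:", round(exhaustive_days(32, 10_000), 2))
    print("256-bit space, days:", f"{exhaustive_days(256, 10_000):.2e}")
    print("CSPRNG sample:", strong_entropy().hex())
```

The output length says nothing about its strength: the number of possible wallets is bounded by the seed space, which is why funds held under keys from the affected versions need to be moved to keys generated from a cryptographically secure source.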