Warning: This Crypto Wallet May Have Compromised Your Bitcoin

2023-8-11 12:00

Recent findings have revealed a significant vulnerability in the widely recognized Libbitcoin Explorer (bx) cryptocurrency wallet tool.

If you have ever generated a wallet through this software or followed guidance from the book “Mastering Bitcoin,” your digital assets might be in danger—or even worse—already stolen.

Catastrophic Crypto Wallet Vulnerability

This vulnerability, designated CVE-2023-39910, unveils a catastrophic weakness in the bx seed subcommand responsible for new crypto wallet private key entropy generation. Shockingly, it was discovered that Libbitcoin Explorer 3.x versions employ the Mersenne Twister pseudorandom number generator (PRNG), which is initialized with 32 bits of system time.

So, instead of creating a unique and secure password for every user, the software was occasionally generating the same password. Malevolent actors have identified this weakness and have begun draining funds from unsuspecting users’ wallets.

To read more on crypto wallet security features, check our guide on multisig wallets:  What Are Multisig Wallets and How Do They Work?

It’s worth highlighting that the vulnerability’s dangerousness lies in the poor generation of cryptographic numbers. Typically, a secure cryptographic system requires large, unpredictable numbers. With a frail random number generator, the encryption becomes practically useless.

So, instead of having wallet security at robust levels like 128-bit, 192-bit, or 256-bit, it plunges to a meager 32-bit.

Although 4,294,967,296 (2^32) unique combinations might sound huge, it’s not much work for modern computers to break. With the current advancements in computing, a standard gaming PC can search these combinations in less than 24 hours.

Though there are multiple variations to test, it’s still a staggeringly short time frame. This is especially true when an attacker can subsequently gain full control of one’s funds, inspect previous wallet transactions, and even sign messages.

How long it takes modern computers to crack a password. Source: Response IT Protect Yourself

This fault brings forth a chilling reality. No matter how safely you store your wallet credentials—be it digitally or even as a paper wallet in a physical bank vault—your assets are susceptible to theft. Records show that these malicious attacks peaked around July 12, 2023. Other signs indicate that initial exploitations began earlier in May 2023.

Renowned figures in the crypto community have voiced concerns. Binance CEO Changpeng Zhao stated,

“Self custody wallets are not without risks. I am supportive of self custody, IF you know what you are doing. Stay #SAFU!”

Further emphasizing the crux of the vulnerability, he mentioned,

“This vulnerability is due to the random number generator using a 32 bit seed, which is not sufficiently random against modern cracking such as GPUs. Trustwallet and Binance wallets do not use this for seed phrase generation.”

The Libbitcoin Explorer debacle is a stern reminder that while this new era of finance and asset custody offers many new opportunities, it also poses immense risks. It’s important for anyone using crypto to ensure the use of trusted tools and stay updated about potential vulnerabilities.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.
This article was initially compiled by an advanced AI, engineered to extract, analyze, and organize information from a broad array of sources. It operates devoid of personal beliefs, emotions, or biases, providing data-centric content. To ensure its relevance, accuracy, and adherence to BeInCrypto’s editorial standards, a human editor meticulously reviewed, edited, and approved the article for publication.

The post Warning: This Crypto Wallet May Have Compromised Your Bitcoin appeared first on BeInCrypto.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Emerald Crypto (EMD) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 4.67 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Цена в час новости $ 0.0095806 (-100%)

compromised wallet crypto might through generated software

compromised wallet → Результатов: 92


Hackers Take Over NFT Project Azuki’s Twitter Profile, Steal Over $750K Worth Of Asset

The Twitter account of top non-fungible token (NFT) project, Azuki, was compromised on Friday, resulting in the loss of over $750,000 worth of crypto assets. Following a takeover of the project’s account yesterday afternoon, hackers posted a wallet drainer link disguised as an invitation for users to participate in a virtual land mint in The […]

2023-1-28 12:04


Фото:

Bitcoin Wallet Ledger Suffers Data Breach That Exposed Private Data Of 1 Million Users

Cryptocurrency hardware provider Ledger experienced a data leak that led to personal details of customers being compromised. User funds are, however, safe. Details Of The Ledger Data Leak In a blog post on July 29, Ledger revealed that its e-commerce and marketing database was hacked between June and July, leaking one million email IDs and […]

2020-7-29 17:39


Фото:

MasterMana Botnet takes over your machine to empty your cryptocurrency wallet

Cybersecurity researchers have detailed a dangerous botnet specifically targeting businesses to steal sensitive data and cryptocurrency. Dubbed “MasterMana Botnet,” the ongoing campaign is believed to be connected to the “Gorgon Group,” a crew of cyberbaddies linked to worldwide criminal activity and repeated attacks on governments.

2019-10-2 19:57


Bitcoin Wallet Researchers Slam ‘Inappropriate’ Redditor’s Coinomi Complaint

By CCN: CipherBlade, a blockchain security research firm, has published the results of a lengthy investigation into the claims of a Coinomi user. How Were the Funds Truly Compromised? Warith Al Maawali contacted CCN and just about every news outlet he could find with the claim that because Coinomi had sent seed phrases to Google for spellchecking, he had lost his entire life savings.

2019-5-24 11:28


Breaking: Binance exchange gets compromised; 7000 BTC worth $40 million withdrawn by hackers

Binance’s official blog spoke about a security breach in Binance that allowed hackers to get away with 7000 BTCs, a large number of user API keys, 2FA codes, and potentially other info. The blog further added that the targetted attack was on a hot wallet and that only 2% of the total funds in that wallet […] The post Breaking: Binance exchange gets compromised; 7000 BTC worth $40 million withdrawn by hackers appeared first on AMBCrypto.

2019-5-8 03:48


Фото:

Bitcoin wallet Electrum hit by DoS attack from 140,000-strong botnet

The servers of popular Bitcoin wallet Electrum are under heavy attack, and users are advised to be extra careful when using the platform until it’s resolved. A sophisticated botnet of more than 140,000 machines has launched Denial-of-Service (DoS) attacks on Electrum‘s servers, with apparent intent to direct users to compromised versions of the software designed to steal their Bitcoin.

2019-4-8 18:06