Warning: This Crypto Wallet May Have Compromised Your Bitcoin

2023-8-11 12:00

Recent findings have revealed a significant vulnerability in the widely recognized Libbitcoin Explorer (bx) cryptocurrency wallet tool.

If you have ever generated a wallet through this software or followed guidance from the book “Mastering Bitcoin,” your digital assets might be in danger—or even worse—already stolen.

Catastrophic Crypto Wallet Vulnerability

This vulnerability, designated CVE-2023-39910, exposes a catastrophic weakness in the bx seed subcommand, which generates the private key entropy for new crypto wallets. It was discovered that Libbitcoin Explorer 3.x versions employ the Mersenne Twister pseudorandom number generator (PRNG), which is initialized with 32 bits of system time.

So, instead of creating a unique and secure seed for every user, the software was occasionally generating the same one. Malevolent actors have identified this weakness and have begun draining funds from unsuspecting users’ wallets.

The danger of this vulnerability lies in the poor generation of random numbers for cryptographic use. Typically, a secure cryptographic system requires large, unpredictable numbers. With a weak random number generator, the encryption becomes practically useless.

So, instead of having wallet security at robust levels like 128-bit, 192-bit, or 256-bit, it plunges to a meager 32-bit.

Although 4,294,967,296 (2^32) unique combinations might sound huge, it’s not much work for modern computers to break. With the current advancements in computing, a standard gaming PC can search these combinations in less than 24 hours.

Though there are multiple variations to test, it’s still a staggeringly short time frame. This is especially true when an attacker can subsequently gain full control of one’s funds, inspect previous wallet transactions, and even sign messages.
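The collapse from 256 bits to 32 bits described above can be seen by placing the weak pattern beside a hardened one. This is an added example, not code from the article or from Libbitcoin; the function names, the byte extraction and the sample clock value are assumptions made for illustration.

```cpp
// Added example: 32-bit-seeded Mersenne Twister beside the OS CSPRNG.
#include <array>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <random>
#include <stdexcept>

using Entropy = std::array<std::uint8_t, 32>;  // 256 bits of wallet entropy

// WEAK (hypothetical helper): Mersenne Twister seeded with a 32-bit clock value.
// However many bytes are drawn, the output is fully determined by `clock32`,
// so only 2^32 distinct results exist. The byte extraction is an assumption.
Entropy weak_entropy(std::uint32_t clock32) {
    std::mt19937 prng(clock32);
    Entropy out{};
    for (auto& byte : out) byte = static_cast<std::uint8_t>(prng() & 0xffu);
    return out;
}

// HARDENED (hypothetical helper): read all 256 bits from the kernel CSPRNG.
// Assumes a POSIX system that exposes /dev/urandom; fails closed otherwise.
Entropy strong_entropy() {
    Entropy out{};
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    if (!urandom.read(reinterpret_cast<char*>(out.data()),
                      static_cast<std::streamsize>(out.size())))
        throw std::runtime_error("kernel CSPRNG unavailable");
    return out;
}

// True when two users whose clocks yield the same 32-bit value get one seed.
bool same_clock_collides(std::uint32_t clock32) {
    return weak_entropy(clock32) == weak_entropy(clock32);
}

int main() {
    const std::uint32_t constructed_clock = 0x64d5f1a0u;  // constructed sample
    std::cout << "weak, same clock value twice: "
              << (same_clock_collides(constructed_clock) ? "identical" : "different") << '\n';
    std::cout << "CSPRNG, two calls: "
              << (strong_entropy() == strong_entropy() ? "identical" : "different") << '\n';
}
```

The weak function's 256-bit output carries no more entropy than its 32-bit seed, which is why wallet tools should draw every bit of seed material from the operating system's CSPRNG.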

How long it takes modern computers to crack a password. Source: Response IT

Protect Yourself

This fault brings forth a chilling reality. No matter how safely you store your wallet credentials—be it digitally or even as a paper wallet in a physical bank vault—your assets are susceptible to theft. Records show that these malicious attacks peaked around July 12, 2023. Other signs indicate that initial exploitations began earlier in May 2023.

Renowned figures in the crypto community have voiced concerns. Binance CEO Changpeng Zhao stated,

“Self custody wallets are not without risks. I am supportive of self custody, IF you know what you are doing. Stay #SAFU!”

Further emphasizing the crux of the vulnerability, he mentioned,

“This vulnerability is due to the random number generator using a 32 bit seed, which is not sufficiently random against modern cracking such as GPUs. Trustwallet and Binance wallets do not use this for seed phrase generation.”

The Libbitcoin Explorer debacle is a stern reminder that while this new era of finance and asset custody offers many new opportunities, it also poses immense risks. It’s important for anyone using crypto to ensure the use of trusted tools and stay updated about potential vulnerabilities.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.
This article was initially compiled by an advanced AI, engineered to extract, analyze, and organize information from a broad array of sources. It operates devoid of personal beliefs, emotions, or biases, providing data-centric content. To ensure its relevance, accuracy, and adherence to BeInCrypto’s editorial standards, a human editor meticulously reviewed, edited, and approved the article for publication.

The post Warning: This Crypto Wallet May Have Compromised Your Bitcoin appeared first on BeInCrypto.
