Severe Vulnerability In Libbitcoin Explorer 3.x Causing Over $900K In Crypto Theft
Key Points:
- A severe vulnerability affecting cryptocurrency wallets using the Libbitcoin Explorer 3.x versions was discovered by Distrust.
- Attackers can exploit the Mersenne Twister pseudo-random number generator (PRNG) to access wallet private keys and steal funds.
- Over $900,000 USD worth of cryptocurrency assets have been stolen due to this vulnerability as of August 2023.
Distrust discovered a severe vulnerability in Libbitcoin Explorer 3.x versions, allowing attackers to access private keys and steal over $900K USD in cryptocurrency assets.
Recently, Distrust discovered a severe vulnerability affecting cryptocurrency wallets using the Libbitcoin Explorer 3.x versions. This vulnerability allows attackers to access wallet private keys by exploiting the Mersenne Twister pseudo-random number generator (PRNG), resulting in real-world impacts.
The vulnerability originates from implementing the pseudo-random number generator (PRNG) in the Libbitcoin Explorer 3.x versions. The implementation uses the Mersenne Twister algorithm, utilizing only 32 bits of system time as a seed. This allows attackers to brute-force users’ private keys within a few days.
This vulnerability affects all users generating wallets using the Libbitcoin Explorer 3.x versions and applications using the libbitcoin-system 3.6 development library. Known affected cryptocurrencies include Bitcoin, Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash, and Zcash.
Due to the existence of this vulnerability, attackers could access and control users’ wallets, thereby stealing funds. As of August 2023, over $900,000 USD worth of cryptocurrency assets have been stolen.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.