Key Points:
He emphasized that while self-custodial wallets offer benefits, they aren’t devoid of risks, provided users understand their operation. The vulnerability arises from a flawed random number generator using a 32-bit seed, rendering it insufficiently random for contemporary cryptographic challenges like GPUs.
Notably, Trust Wallet and Binance Wallet avoid using this flawed generator for mnemonic generation, according to CZ.
On August 10, SlowMist reported that Distrust uncovered a severe vulnerability impacting cryptocurrency wallets reliant on Libbitcoin Explorer 3.x. This flaw permits unauthorized access to private keys by exploiting the Mersenne Twister pseudo-random number generator (PRNG), causing tangible real-world repercussions.
The vulnerability emanates from the pseudo-random number generator (PRNG) implementation within Libbitcoin Explorer version 3.x. This implementation relies on the Mersenne Twister algorithm and a mere 32-bit system time as its seed. This precarious approach enables attackers to discover a user’s private key in a matter of days through brute-force tactics.
Libbitcoin Explorer 3.x users and developers employing libbitcoin-system 3.6 to create libraries are susceptible to this vulnerability. Notable cryptocurrencies affected include Bitcoin, Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash, and Zcash.
Due to this vulnerability, malicious actors can hijack a user’s wallet, resulting in the pilferage of contained funds. As of August 2023, losses of over $900,000 have been reported as stolen crypto assets.
In response, all users employing Libbitcoin Explorer 3.x versions are strongly urged to promptly cease using compromised wallets and transfer their funds to a more secure alternative. Utilizing a proven and secure method for random number generation is imperative when crafting new wallets.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Kraken may drop USDT in the EU due to upcoming MiCA regulations. Other exchanges adapt,…
Rumor has it that zkSync, an Ethereum scaling solution, may drop a governance token soon.…
Oklahoma crypto bill OKHB3594 safeguards residents' rights to use and self-custody digital assets, legalizes home…
Solana tops CoinGecko, boasting highest daily transactions per second (TPS). It outperforms Ethereum and Polygon,…
Bitcoin's correlation with mainstream assets, like tech stocks, is on the rise, fueled by optimism…
The Federal High Court in Abuja has denied bail to Tigran Gambaryan, a senior Binance…
This website uses cookies.