A recent crypto security breach has exposed a significant vulnerability within the Libbitcoin Explorer 3.x library, resulting in the illicit withdrawal of more than $900,000 from Bitcoin users’ accounts. SlowMist, a blockchain security firm, detailed the breach in a recent report.
The targeted software, Libbitcoin Bitcoin Explorer, is a command-line tool extensively employed for various Bitcoin operations, such as generating cryptographic keys and overseeing transactions. This utility facilitates engagement with the Bitcoin network without the need for a complete node, making it popular among developers and adept users.
The breach is of particular concern due to the widespread reliance on the Libbitcoin Explorer by numerous cryptocurrency wallets for deriving private key entropy. Hackers have leveraged this vulnerability to covertly syphon substantial sums across multiple blockchains, highlighting the urgency of addressing the vulnerability and reinforcing security measures across the cryptocurrency landscape.
‘Milk Sad’ Loophole Results In Crypto Theft
The cybersecurity team Distrust discovered the breach and dubbed the vulnerability the “Milk Sad” loophole, as reported by SlowMist. Attackers were able to exploit the vulnerability within the Libbitcoin Explorer to manipulate its faulty key generation mechanism and guess private keys. The breach was reported to the CVE cybersecurity vulnerability database.
“If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen),” warned crypto technical writer David Harding on X.
Faulty Seed Subcommand
The flaw lies in a flawed seed subcommand used for generating fresh wallet private key entropy. This faulty mechanism results in the production of insecure outputs, leaving cryptocurrency holdings vulnerable to theft. Experts compare the situation to securing an online bank account with a password manager that consistently generates the same passwords for multiple users. Malicious actors have taken advantage of this weakness to drain funds from a range of affected accounts.
Distrust’s findings emphasize the alarming drop in security effectiveness, as even a high-performance gaming PC can quickly break through the compromised seeds in under 24 hours.
While the specific wallets impacted by the Libbitcoin vulnerability and the exact extent of cryptocurrency theft remain unconfirmed, evidence suggests that the exploit was operational during June and July of this year.
This investigation underlines the urgency of addressing such vulnerabilities to safeguard the integrity of cryptocurrency transactions and the digital assets they involve.
Analyst comment
This news can be evaluated as negative. The breach in the Libbitcoin Explorer 3.x library has resulted in the illicit withdrawal of over $900,000 from Bitcoin users’ accounts. It highlights a significant vulnerability and the urgent need for reinforcing security measures in the cryptocurrency market. As a result of this news, there may be a decrease in trust and confidence in cryptocurrency transactions, potentially leading to a short-term decrease in the market.
