Libbitcoin Explorer’s Version 3.x faces severe security breach, users’ funds endangered

Blockchain security firm SlowMist has issued a cautionary blog post alerting users to a critical vulnerability within version 3.x of the widely-utilized Libbitcoin Explorer. This vulnerability has raised concerns about the security of various cryptocurrency wallets and reportedly resulted in an approximate loss of $900,000, as reported by Milk Sad. Interestingly, this blog post draws intriguing parallels to past susceptibilities uncovered in Trust Wallet.

The core of the issue, according to SlowMist, lies within Libbitcoin Explorer’s implementation of a pseudo-random number generator (PRNG). By employing the Mersenne twister technique and 32 bits of the system’s time as a seed, PRNGs become susceptible to potential breaches that could compromise users’ private keys.

?SlowMist Security Alert?

Recently, #Distrust discovered a severe vulnerability affecting cryptocurrency wallets using the #Libbitcoin Explorer 3.x versions. This vulnerability allows attackers to access wallet private keys by exploiting the Mersenne Twister pseudo-random…

— SlowMist (@SlowMist_Team) August 10, 2023

Individuals who employed Libbitcoin’s explorer 3.x to generate their cryptocurrency wallet’s seed may find their private keys in jeopardy. Various digital currencies, including Ethereum, Bitcoin, Solana, Dogecoin, Litecoin, Zcash, and Bitcoin Cash, are currently exposed to this vulnerability.

Are you for real Libbitcoin team? Do you really think a warning in a GitHub wiki, edited 6 years ago and seems unmaintained, with the wording "can introduce" is enough to inform users of a "not-to-be-used-in-prod" command? Transparency is the key, and you have failed miserably. https://t.co/op4MmoV3vy pic.twitter.com/Xc9QlI5byr

— sudo rm -rf –no-preserve-root / (@pcaversaccio) August 10, 2023

Interestingly, some have pointed out that the security flaw in Libbitcoin Explorer was seemingly identified on the project’s GitHub page around six years ago. However, apparent efforts have yet to be made to rectify the issue.

This development raises significant questions regarding the security of popular blockchain tools and the apparent delays in addressing potentially devastating vulnerabilities. Consequently, users and stakeholders are left to ponder the effectiveness of security measures employed by such widely-used platforms.

Moreover, this incident underscores the importance of comprehensive security audits within the blockchain and cryptocurrency sphere. Besides the immediate financial implications, the broader concern pertains to the potential compromise of user data and the trustworthiness of key industry players.

The disclosure of this significant vulnerability in Libbitcoin Explorer’s version 3.x is a potent reminder that even established platforms are not immune to security challenges. The incident propels the industry to reevaluate its approach to code review, security patching, and prompt response to identified issues.