Disappearance of $900K Puts Focus on Vintage Bitcoin Project Libbitcoin

By coindesk.com August 14, 2023 In Bitcoin, Blockchain, Ethereum

But after roughly $900,000 disappeared from various user wallets over the past few months, Libbitcoin, once presumed secure, has turned out to be unsafe.

Here’s how the latest saga unfolded, according to a report on , which details the findings of Distrust, the security firm that discovered the vulnerability in July, assisted by a group of independent contributors.

At some point in May, hackers began secretly stealing funds from unsuspecting users after discovering an obscure vulnerability in a number of wallets generated by the Libbitcoin explorer, called BX.

If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen).

Full details: https://t.co/Crlw63lUr4

— David A. Harding (@hrdng) August 8, 2023

The vulnerability was dubbed “Milk Sad” because “milk” and “sad” were in a wallet-recovery seed phrase generated by the vulnerability, the report states.

The most significant heist – 29.65 bitcoin (BTC) worth about $870,000 at current rates – took place July 12. Distrust says a total of at least $900,000 was stolen across multiple blockchains, including from some of the roughly 2,600 bitcoin wallets affected by the vulnerability.

Hardware wallets like Trezor and Ledger seem to have been unscathed, but there are still a number of wallets at risk, and the full extent of money stolen is “yet to be determined,” according to an Aug. 8 tweet by Anton Livaja, a member of the Distrust team.

BX comes with a text command called “bx seed” that uses the clock on a developer’s computer to produce a seed phrase for creating a wallet.

Crypto software provides random combinations of 12 to 24 words or seed phrases to users who want to “recover” or regain access to their wallets in the case of accidental loss.

But when using BX, the resultant phrase turns out to be insufficiently random. According to the report, “a decent gaming PC can do a brute-force search,” or guess all possible word combinations for a user’s seed phrase, “in less than a day.”

“Think of this as securing your online bank account with a password manager that creates a long random password,” the report states. “But it often creates the same passwords for every user. Malicious people have figured this out and drained funds on any account they can find.”

Ethereum, Zcash, Solana, Dogecoin affected

Milk Sad is not restricted to Bitcoin. Ethereum, Zcash, Solana and even Dogecoin are among the list of eight blockchains affected. Similar but not identical vulnerabilities have been detected in Cake Wallet and Trust Wallet, both multi-chain wallet apps.

Typically, seed phrases are created using a generator capable of producing a set, or “key space,” with a dizzying number of unique word combinations. The size of that space is a power of two set by the number of binary digits, or “bits,” of randomness: essentially, the number two raised to the power of 128, 192 or 256.

BX has a paltry 32-bit key space which can only yield about 4.3 billion unique word combinations. “That’s not as many combinations as it sounds,” according to the report.
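An added illustration (not BX's code and not taken from the report) of why a clock-seeded generator with a 32-bit seed cannot produce more outcomes than its seed allows, however many bytes it emits, shown next to the hardened form. Python's `random.Random`, the nanosecond clock and every function name here are assumptions standing in for the pattern the article describes.

```python
import random
import secrets
import time

SEED_BITS = 32  # key-space size the article attributes to BX


def weak_entropy(n_bytes, now=None):
    """Vulnerable pattern: a PRNG seeded from the clock, truncated to 32 bits.

    Stand-in generator (assumption): Python's random.Random, not BX's code.
    """
    if now is None:
        now = time.time_ns()
    seed = now & ((1 << SEED_BITS) - 1)  # everything above bit 31 is discarded
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n_bytes))


def strong_entropy(n_bytes):
    """Hardened form: bytes drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(n_bytes)


def effective_bits(n_bytes, seed_bits=SEED_BITS):
    """Output length cannot add entropy: the smaller of seed and output wins."""
    return min(seed_bits, 8 * n_bytes)


def distinct_outputs(generate, clocks):
    """Count how many different outputs a generator gives across clock values."""
    return len({generate(t) for t in clocks})


# Constructed sample: 32 different clock readings, 4 wrap-arounds x 8 ticks.
BASE = 1_700_000_000_000_000_000
CLOCKS = [BASE + k * 2**SEED_BITS + j for k in range(4) for j in range(8)]

if __name__ == "__main__":
    print("requested bits:", 8 * 32, "effective bits:", effective_bits(32))
    print("weak distinct:", distinct_outputs(lambda t: weak_entropy(32, t), CLOCKS))
    print("strong distinct:", distinct_outputs(lambda t: strong_entropy(32), CLOCKS))
```

The 32 clock readings collapse to 8 distinct "256-bit" values in the weak generator, because readings that differ only above bit 31 map to the same seed; the OS-backed generator returns a different value every time.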

Eric Voskuil, BX’s lead developer, admitted that the seed generator was indeed insecure, but insisted there was no bug in the software, arguing that the bx seed text command had been misused. He tweeted a screenshot of the application’s GitHub documentation that warns developers of the vulnerability.

I have been informed by the folks at https://t.co/Ja1L3PDloF that they have filed a CVE against Libbitcoin. Apparently a wallet product used a BX command in a manner explicitly warned against. This is not a bug in BX or Libbitcoin, it is reckless wallet development. pic.twitter.com/QGlCHB6XQX

— Eric Voskuil (@evoskuil) August 7, 2023

“This is not a bug in BX or Libbitcoin,” Voskuil tweeted. “It is reckless wallet development.”

Several cryptographers in the Bitcoin community begged to differ.

“The case is crystal-clear,” tweeted Tim Ruffing, cryptographer at Bitcoin infrastructure firm Blockstream. “It’s your bug, period.”
