A newly uncovered vulnerability in a widely used open-source Bitcoin library has led to the exposure of more than 120,000 private keys, according to a report by crypto wallet provider OneKey.
The flaw was traced back to the Libbitcoin Explorer (bx) 3.x series, which allowed attackers to predict wallet private keys generated through insecure random number methods.
According to OneKey’s insight published on X late Friday, Libbitcoin Explorer (bx) 3.x is a command-line utility long used to create Bitcoin wallets offline. The software uses the Mersenne Twister-32 pseudo-random number generator (PRNG), which seeds randomness using only the system time.
The seed space was limited to 2³² possible values, which helped hackers easily predict the random numbers and brute-force wallet private keys. Anyone aware of when a wallet was generated could reconstruct the same sequence of random numbers and, in turn, derive the private key to access an address’s funds.
OneKey analysis on the extent of affected wallets
According to the crypto wallet service provider, the issue has been confirmed to affect several wallet implementations that integrated Libbitcoin Explorer or its dependent components, including Trust Wallet Extension versions 0.0.172 through 0.0.183, and Trust Wallet Core versions up to 3.1.1, bar the patched 3.1.1 release.
OneKey, citing an analysis by security researchers, discovered that the security flaw arose from the PRNG’s dependence on predictable entropy. Attackers could reproduce identical private keys for wallets generated at specific timestamps.
The small seed space and predictable nature of the Mersenne Twister-32 algorithm made it feasible for malicious actors to automate the process and compromise several wallets.
OneKey explained that the flaw may have contributed to previous mysterious fund losses in incidents like the “Milk Sad” case, where victims reported seeing their wallets drained, despite using air-gapped systems for security.
The ‘Milk Sad’ connection did not affect OneKey wallets
The Milk Sad investigation, which began earlier this year, revealed that victims had generated their wallets on air-gapped Linux laptops using commands in Libbitcoin Explorer. In each case, users relied on bx to produce their 24-word BIP39 mnemonic phrases in the belief that the tool made the randomness sufficient.
One command sequence used during wallet generation was bx seed -b 256 | bx mnemonic-new. It generated 256 bits of entropy, which were then converted into a 24-word mnemonic phrase. Due to the flawed random number generator, the supposedly secure mnemonics were in fact predictable.
Although the Milk Sad victims created their wallets years apart, investigators found each used the same version of Libbitcoin Explorer, which unknowingly generated weak private keys.
In its report, OneKey stated that the vulnerability in Libbitcoin Explorer does not compromise the security of mnemonic or private keys in its wallets. The company’s investigation confirmed that its devices and software use a cryptographically secure RNG that meets international security standards.
“All new-generation hardware wallets have Secure Elements (SE) with built-in True Random Number Generators (TRNGs) for key creation. The components are hardware-based and hold EAL6+ certification, levels of security that are recognized globally,” the hardware and cold wallet company confirmed.
Software wallet vulnerability assessment
OneKey also conducted an assessment of its software products, noting that the Desktop and Browser Extension versions utilize a Chromium-based WebAssembly (WASM) PRNG interface.
The interface operating system uses a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) as the entropy source, which is the same standard used in modern browsers and secure software systems.
OneKey said its Android and iOS wallets have system-level CSPRNG APIs built into the operating systems themselves. The wallet service’s security team reiterated that the randomness quality in wallet generation directly depends on the integrity of the device and software environment.
“If the operating system, browser kernel, or device hardware is compromised, the entropy source could be weakened,” it wrote.
The firm has advised users to choose hardware wallets if they plan to store coins for the long term, to minimize the risk of exposure. It also warned them not to import mnemonic phrases generated by software wallets into hardware wallets.
If you’re reading this, you’re already ahead. Stay there with our newsletter.
Source: https://www.cryptopolitan.com/120k-bitcoin-private-keys-cracked-in-a-new-hack/
