More details on this vulnerability: https://milksad.info/
Technical Details: https://milksad.info/disclosure.html
My general comment: This is why you verify.
If you have used Libbitcoin and/or the “bx seed” command, or a Bitcoin wallet that has used weak entropy methods, I strongly recommend you move your funds to a more secure wallet that uses better methods.
Entropy for private key generation really matters a lot in this space. Do not use wallets that are not open source, that are not well reviewed, or explicitly state they use weak cryptography for convenience.
Do not generate your own keys/seed words from a dictionary, book phrase, or some obscure method you think is “random enough”. You are not a random number generator.
Casino dice are random number generators that can produce real entropy with enough rolls (no less than 100 dice rolls!). Some of the better hardware wallets even have dice rolls supported as a feature to generate private keys. The better ones are also Bitcoin-only.
You can verify yourself by asking questions on r/bitcoin, r/bitcoinbeginners, on the Bitcoin Stack Exchange, or on the Bitcoin Discord.
You can also verify these answers by going directly to the source of the published code for these wallets, often hosted on github.
Don’t Trust, Verify.
edit: this is not an issue with Bitcoin Core, but an issue with an external third party GitHub library maintained by a few (one?) random developers. This library was referenced for some odd reason in the Mastering Bitcoin book by Andreas Antonopoulos.
Excerpt on the Libbitcoin Vulnerability from Bitcoin Optech:
Libbitcoin Bitcoin Explorer security disclosure: several security researchers investigating a recent loss of bitcoins among users of Libbitcoin discovered that program’s Bitcoin Explorer (bx) tool’s seed command only generated about 4 billion different unique values. An attacker who assumed the values were used to create private keys, or wallets with particular derivation paths (e.g., following BIP39), could potentially search all possible wallets within a day using a single commodity computer, giving them the ability to steal any funds received to those keys or wallets. A likely such theft occurred on 12 July 2023 with apparent losses of almost 30 BTC (approximately $850,000 USD at the time).

Several processes similar to the one that likely led to the loss of funds have been found described in the book Mastering Bitcoin, the documentation homepage for Bitcoin Explorer, and many other places in Bitcoin Explorer’s documentation (e.g. 1, 2, 3). None of that documentation clearly warned that it was unsafe, except for the online documentation of the seed command.

Optech’s recommendation for anyone who thinks they may have used bx seed to generate wallets or addresses is to review the disclosure page and potentially use the service they provide for testing hashes of vulnerable seeds. If you used the same process discovered by the attacker, your bitcoins have likely already been stolen—but if you used a variation on the process, you might still have a chance to move your bitcoins to safety. If you use a wallet or other software that you think might use Libbitcoin, please advise the developers about the vulnerability and ask them to investigate.

We thank the researchers for their significant efforts in making a responsible disclosure of CVE-2023-39910.
Edit: It appears that the author of Libbitcoin is washing his hands of this issue and refusing to make any changes to his library to remove the weak cryptography. Furthermore, some people have pointed out that development of the library ceased around the same time that the first related theft of funds occurred. If this is true, this seems like suspicious timing.
In any case, the refusal to do no harm, but to continue publishing weak cryptography that has been used to exploit others is troubling. No matter if this is negligence or malice on the part of the author or other individuals. The net result is the same.
People got hurt because of your code.
Caution is warranted when handling code related to libbitcoin and its authors.
Some relevant discussion on this unfolding situation:
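To make the entropy point from the post concrete, here is an added example (my own illustration, not code from the post, from Libbitcoin, or from any wallet): it shows why a seed that is 32 bytes long can still have only about 4 billion possible values when the generator behind it is driven by a 32-bit seed, and it works out why the post's figure of at least 100 dice rolls is the right threshold for 256 bits of entropy. The weak generator below is a constructed stand-in (Python's Mersenne Twister seeded with a 32-bit integer), not a reimplementation of the bx seed command, and the dice-to-seed hashing is a generic illustration rather than any specific hardware wallet's procedure.

```python
import hashlib
import math
import random
import secrets

DICE_SIDES = 6
SEED_BYTES = 32  # 256-bit seed, the size BIP39-style wallets expect


def entropy_bits(rolls: int, sides: int = DICE_SIDES) -> float:
    """Entropy in bits carried by `rolls` independent, fair rolls of a die with `sides` faces."""
    return rolls * math.log2(sides)


def min_rolls_for_bits(target_bits: int, sides: int = DICE_SIDES) -> int:
    """Smallest number of fair rolls whose combined entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(sides))


def rolls_to_seed(rolls) -> bytes:
    """Condense a list of dice rolls (each 1..6) into a 256-bit seed.

    Hashing only mixes the rolls; it cannot add entropy beyond what the rolls carry,
    so the function refuses inputs that fall short of 256 bits. (Constructed illustration,
    not any wallet's documented dice procedure.)
    """
    if any(not 1 <= r <= DICE_SIDES for r in rolls):
        raise ValueError("every roll must be between 1 and %d" % DICE_SIDES)
    needed = min_rolls_for_bits(SEED_BYTES * 8)
    if len(rolls) < needed:
        raise ValueError("only %.1f bits of entropy; need %d rolls for %d bits"
                         % (entropy_bits(len(rolls)), needed, SEED_BYTES * 8))
    return hashlib.sha256(bytes(rolls)).digest()


def weak_seed(seed32: int) -> bytes:
    """Stand-in for a seed routine driven by a 32-bit PRNG seed.

    The output is 32 bytes long and looks random, but the generator is fully determined
    by `seed32`, so at most 2**32 (about 4.3 billion) distinct outputs exist.
    """
    if not 0 <= seed32 < 2**32:
        raise ValueError("seed32 must fit in 32 bits")
    return random.Random(seed32).randbytes(SEED_BYTES)


def weak_seed_space() -> int:
    """Number of distinct values weak_seed() can ever produce, regardless of output length."""
    return 2**32


def strong_seed() -> bytes:
    """Seed drawn from the operating system's CSPRNG: the full 2**256 space is reachable."""
    return secrets.token_bytes(SEED_BYTES)


if __name__ == "__main__":
    print("100 dice rolls carry %.1f bits" % entropy_bits(100))
    print("rolls needed for 256 bits:", min_rolls_for_bits(256))
    print("weak seed, 32 bytes but only %d possible values" % weak_seed_space())
    print("same 32-bit seed twice -> identical output:", weak_seed(7) == weak_seed(7))
```

The comparison to keep in mind is between output length and reachable space: `weak_seed()` and `strong_seed()` both return 32 bytes, but only the second can produce any of the 2**256 possible values. Checking how a wallet obtains its randomness, not how long its seed looks, is the verification the post is asking for.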