More details on this vulnerability: https://milksad.info/
My general comment: This is why you verify.
If you have used Libbitcoin and/or the “bx seed” command, or a Bitcoin wallet that has used weak entropy methods, I strongly recommend you move your funds to a more secure wallet that uses better methods.
Entropy for private key generation really matters a lot in this space. Do not use wallets that are not open source, that are not well reviewed, or explicitly state they use weak cryptography for convenience.
Do not generate your own keys/seed words from a dictionary, book phrase, or some obscure method you think is “random enough”. You are not a random number generator.
Casino dice are random number generators that can produce real Entropy with enough rolls (no less than 100 dice rolls!). Some of the better hardware wallets even have dice rolls supported as a feature to generate private keys. The better ones are also Bitcoin-only.
You can verify yourself by asking questions on r/bitcoin, r/BitcoinBeginners, on the bitcoin stack exchange, or on the Bitcoin Discord.
You can also verify these answers by going directly to the source of the published code for these wallets, often hosted on github.
Don’t Trust, Verify.
edit: this is not an issue with Bitcoin Core, but an issue with an external third party github library maintained by a few (one?) random developer. This library was referenced for some odd reason in Mastering Bitcoin book by Andreas Antonopoulos.
Excerpt on the Libbitcoin Vulnerability from Bitcoin Optech:
Libbitcoin Bitcoin Explorer security disclosure: several security researchers investigating a recent loss of bitcoins among users of Libbitcoin discovered that program’s Bitcoin Explorer (bx) tool’s seed command only generated about 4 billion different unique values. An attacker who assumed the values were used to create private keys, or wallets with particular derivation paths (e.g., following BIP39), could potentially search all possible wallets within a day using a single commodity computer, giving them the ability to steal any funds received to those keys or wallets. A likely such theft occurred on 12 July 2023 with apparent losses of almost 30 BTC (approximately $850,000 USD at the time).
Several processes similar to the one that likely led to the loss of funds have been found described in the book Mastering Bitcoin, the documentation homepage for Bitcoin Explorer, and many other places in Bitcoin Explorer’s documentation (e.g. 1, 2, 3). None of that documentation clearly warned that it was unsafe, except for the online documentation of the seed command.
Optech’s recommendation is for anyone who thinks they may have used bx seed to generate wallets or addresses is to review the disclosure page and potentially use the service they provide for testing hashes of vulnerable seeds. If you used the same process discovered by the attacker, your bitcoins have likely already been stolen—but if you used a variation on the process, you might still have a chance to move your bitcoins to safety. If you use a wallet or other software that you think might use Libbitcoin, please advise the developers about the vulnerability and ask them to investigate.
We thank the researchers for their significant efforts in making a responsible disclosure of CVE-2023-39910.
Edit: It appears that the author of Libbitcoin is washing his hands of this issue and refusing to make any changes to his library to remove the weak cryptography. Furthermore, some people have pointed out that development of the library ceased around the same time that the first related theft of funds occurred. If this is true, this seems like suspicious timing.
In any case, the refusal to do no harm, but to continue publishing weak cryptography that has been used to exploit others is troubling. No matter if this is negligence or malice on the part of the author or other individuals. The net result is the same.
People got hurt because of your code.
Caution is warranted when handling code related to libbitcoin and its authors.
Some relevant discussion on this unfolding situation:
reply
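The post's two technical points, that a generator with only about 4 billion outputs is a roughly 32-bit key space and that 100 casino dice rolls carry enough entropy for a 256-bit seed, can be checked with a few lines of Python. The block below is an added illustration, not code from the post, from Libbitcoin, or from any wallet; the roll-to-seed function (SHA-256 over the digit string) and the 100-roll minimum are assumptions taken from the post, and SAMPLE_ROLLS is a constructed, non-random sequence used only so the example runs offline.

```python
import hashlib
import math
import secrets

DICE_SIDES = 6
MIN_ROLLS = 100      # minimum stated in the post: "no less than 100 dice rolls"
SEED_BYTES = 32      # 256-bit seed, the width most wallets derive keys from


def entropy_bits(num_rolls, sides=DICE_SIDES):
    """Entropy in bits carried by num_rolls independent rolls of a fair n-sided die."""
    return num_rolls * math.log2(sides)


def effective_bits(unique_values):
    """Size of a key space expressed in bits; ~4 billion values is about 32 bits."""
    return math.log2(unique_values)


def seed_from_dice(rolls, sides=DICE_SIDES, min_rolls=MIN_ROLLS):
    """Condense a list of physical dice rolls (each 1..sides) into a 256-bit seed.

    Hashing only compresses the rolls to a fixed width; it cannot add entropy.
    If too few rolls are supplied the input carries too few bits, so the function
    refuses instead of silently emitting a weak seed (the failure mode of a
    generator whose whole output set is reachable from a 32-bit input).
    This construction is an assumption for illustration, not any wallet's scheme.
    """
    if len(rolls) < min_rolls:
        raise ValueError(
            f"{len(rolls)} rolls give only {entropy_bits(len(rolls), sides):.1f} bits; "
            f"need at least {min_rolls} rolls"
        )
    if any(not 1 <= r <= sides for r in rolls):
        raise ValueError(f"every roll must be an integer in 1..{sides}")
    data = "".join(str(r) for r in rolls).encode("ascii")
    return hashlib.sha256(data).digest()[:SEED_BYTES]


def seed_from_os():
    """Software alternative: the operating system CSPRNG, not a PRNG seeded from a clock."""
    return secrets.token_bytes(SEED_BYTES)


# Constructed sample input: a fixed, repeating sequence so the example is
# reproducible. It is deliberately NOT random; real seeds need physical rolls.
SAMPLE_ROLLS = [int(c) for c in "3625141536" * 10]   # 100 rolls, all in 1..6

if __name__ == "__main__":
    print(f"100 rolls of a d6 carry {entropy_bits(100):.1f} bits of entropy")
    print(f"a generator with 2**32 outputs carries {effective_bits(2**32):.0f} bits")
    print("seed from dice:     ", seed_from_dice(SAMPLE_ROLLS).hex())
    print("seed from OS CSPRNG:", seed_from_os().hex())
```

The comparison is the whole point: 100 rolls give about 258 bits, comfortably above the 256-bit seed width, whereas a generator whose entire output set is about 4 billion values tops out near 32 bits no matter how it is hashed or how long the derivation path is, which is why the Optech excerpt describes the full space as searchable on one commodity machine.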
deleted by author
reply
Who was it who said, "you will use Core Lightning and you will like it"? In this case, you will use Bitcoin Core and you will like it.
reply
Do we know which wallets are/were affected?
reply
at the moment, not really. but some fingers have pointed to trustwallet and bitpay. Trustwallet had a similar entropy exploit recently, and there was a recent apparent mass exploit that was reported on reddit not too long ago that some people think is related to this: https://www.reddit.com/r/Bitcoin/comments/158nyuo/mass_hacking_of_over_1000_bitcoin_accounts/
libbitcoin was referenced in the mastering bitcoin book, so the concern seems to be mostly for people who used that library.
most people are not affected by this vulnerability.
Bitcoin core is not affected by this at all.
reply
Ugh, hate to see this. Here's some context for people who don't know the actors:
Erik Voskuil is an OG who has contributed mightily to btc in many ways. Super smart dude, but arrogant as fuck, always nit-picks things to death, sort of the btc equivalent of Comic Book Guy from the Simpsons, if CBG had been a fighter pilot.
Looks like he made a tool that was way less explicit about its cryptographic shortcomings than the dox indicated. People used one of his tools in ways they technically shouldn't have. Voskuil disclaims responsibility for the mis-use and won't fix his fucking code, which is technically fine -- half the fuckers on SN thought it was no problem when somebody exploited a bug last week and stole tens of millions of sats, so I assume they're on Voskuil's side here -- but kind of a dick move. Still, a totally predictable dick move, given his personality.
If kids keep coming into your yard and falling into a hole and getting hurt, maybe put up a barrier around the hole or something. Yeah, it's legally their own fault for coming onto your property, but again, is it really necessary to be a dick all the time, just bc you technically can?
Man. Also:
My general comment: This is why you verify.
Please raise your hand, SN citizens, if you have manually inspected the PRNG code for whatever your wallet of choice is.
Can we just admit that life is full of trust, and that even in btc people have to trust other people at some point? Nobody is verifying everything in the logistical chain -- hardware and software -- that stands between you and your btc tx.
reply
for reference, the reddit discussion on this PSA is a little more lively https://www.reddit.com/r/Bitcoin/comments/15nbzgo/psa_severe_libbitcoin_vulnerability_if_you_used/
reply