He emphasized that while self-custodial wallets offer benefits, they aren’t devoid of risks, provided users understand their operation. The vulnerability arises from a flawed random number generator using a 32-bit seed, rendering it insufficiently random for contemporary cryptographic challenges like GPUs.
This vulnerability is due to the random number generator using a 32 bit seed, which is not sufficiently random against modern cracking such as GPUs. @Trustwallet and @Binance wallets do not use this for seed phrase generation. 🙏
— CZ 🔶 Binance (@cz_binance) August 11, 2023
Notably, Trust Wallet and Binance Wallet avoid using this flawed generator for mnemonic generation, according to CZ.
On August 10, SlowMist reported that Distrust uncovered a severe vulnerability impacting cryptocurrency wallets reliant on Libbitcoin Explorer 3.x. This flaw permits unauthorized access to private keys by exploiting the Mersenne Twister pseudo-random number generator (PRNG), causing tangible real-world repercussions.
The vulnerability emanates from the pseudo-random number generator (PRNG) implementation within Libbitcoin Explorer version 3.x. This implementation relies on the Mersenne Twister algorithm and a mere 32-bit system time as its seed. This precarious approach enables attackers to discover a user’s private key in a matter of days through brute-force tactics.
Libbitcoin Explorer 3.x users and developers employing libbitcoin-system 3.6 to create libraries are susceptible to this vulnerability. Notable cryptocurrencies affected include Bitcoin, Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash, and Zcash.
Due to this vulnerability, malicious actors can hijack a user’s wallet, resulting in the pilferage of contained funds. As of August 2023, losses of over $900,000 have been reported as stolen crypto assets.
In response, all users employing Libbitcoin Explorer 3.x versions are strongly urged to promptly cease using compromised wallets and transfer their funds to a more secure alternative. Utilizing a proven and secure method for random number generation is imperative when crafting new wallets.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
