Kryptogeld-Albtraum: 120.000 Bitcoin-Private Keys durch Libbitcoin-Explorer-Fehler kompromittiert

Ein fataler Fehler im Zufallszahlengenerator des Libbitcoin Explorers legte über 120.000 Bitcoin-Private Keys offen - ein Sicherheitsdebakel, das Krypto-Anleger weltweit in Alarmbereitschaft versetzt.

Das technische Versagen

Der RNG-Defekt im weit verbreiteten Krypto-Tool untergrub die fundamentale Sicherheitsarchitektur von Bitcoin-Wallets. Private Keys, die eigentlich unknackbar sein sollten, wurden durch vorhersehbare Zufallszahlen zur offenen Tür für Diebe.

Die Konsequenzen

Mit kompromittierten Private Keys haben Hacker direkten Zugriff auf die entsprechenden Bitcoin-Guthaben. Die betroffenen Adressen wurden zu leichten Zielen in einem Ökosystem, das eigentlich auf mathematischer Sicherheit basieren sollte.

Immerhin - bei den aktuellen Bitcoin-Preisen müssen sich die Banker nicht allzu viele Sorgen machen. Die meisten von ihnen verstehen die Technologie sowieso nicht.

OneKey analysis on the extent of affected wallets

According to the crypto wallet service provider, the issue has been confirmed to affect several wallet implementations that integrated Libbitcoin Explorer or its dependent components, including Trust Wallet Extension versions 0.0.172 through 0.0.183, and Trust Wallet Core versions up to 3.1.1, bar the patched 3.1.1 release.

OneKey, citing an analysis by security researchers, discovered that the security flaw arose from the PRNG’s dependence on predictable entropy. Attackers could reproduce identical private keys for wallets generated at specific timestamps. 

The small seed space and predictable nature of the Mersenne Twister-32 algorithm made it feasible for malicious actors to automate the process and compromise several wallets.

OneKey explained that the flaw may have contributed to previous mysterious fund losses in incidents like the “Milk Sad” case, where victims reported seeing their wallets drained, despite using air-gapped systems for security.

The ‘Milk Sad’ connection did not affect OneKey wallets

The Milk Sad investigation, which began earlier this year, revealed that victims had generated their wallets on air-gapped Linux laptops using commands in Libbitcoin Explorer. In each case, users relied on bx to produce their 24-word BIP39 mnemonic phrases in the belief that the tool made the randomness sufficient.

One command sequence used during wallet generation was bx seed -b 256 | bx mnemonic-new. It generated 256 bits of entropy, which were then converted into a 24-word mnemonic phrase. Due to the flawed random number generator, the supposedly secure mnemonics were in fact predictable.

Although the Milk Sad victims created their wallets years apart, investigators found each used the same version of Libbitcoin Explorer, which unknowingly generated weak private keys.

In its report, OneKey stated that the vulnerability in Libbitcoin Explorer does compromise the security of mnemonic or private keys in its wallets. The company’s investigation confirmed that its devices and software use a cryptographically secure RNG that meets international security standards.

“All new-generation hardware wallets have Secure Elements (SE) with built-in True Random Number Generators (TRNGs) for key creation. The components are hardware-based and hold EAL6+ certification, levels of security that are recognized globally,” the hardware and cold wallet company confirmed.

Software wallet vulnerability assessment

OneKey also conducted an assessment of its software products, noting that the Desktop and Browser Extension versions utilize a Chromium-based WebAssembly (WASM) PRNG interface. 

The interface operating system uses a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) as the entropy source, which is the same standard used in modern browsers and secure software systems.

OneKey said its Android and iOS wallets have system-level CSPRNG APIs built into the operating systems themselves. The wallet service’s security team reiterated that the randomness quality in wallet generation directly depends on the integrity of the device and software environment. 

“If the operating system, browser kernel, or device hardware is compromised, the entropy source could be weakened,” it wrote.

The firm has advised users to choose hardware wallets if they plan to store coins for the long term, to minimize the risk of exposure. It also warned them not to import mnemonic phrases generated by software wallets into hardware wallets. 

If you're reading this, you’re already ahead. Stay there with our newsletter.