TechFlow reports, according to SlowMist Area, Distrust has discovered a critical vulnerability affecting cryptocurrency wallets using Libbitcoin Explorer 3.x. Attackers can retrieve wallet private keys by cracking the Mersenne Twister pseudorandom number generator (PRNG), which has already caused real-world financial losses.
The vulnerability stems from the PRNG implementation in Libbitcoin Explorer 3.x, which uses a 32-bit system time as the seed, enabling attackers to brute-force users' private keys within days.
This vulnerability affects users who generated wallets using Libbitcoin Explorer 3.x, as well as applications built with the libbitcoin-system 3.6 development library.
Impacted cryptocurrencies include Bitcoin, Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash, and Zcash. Due to this flaw, attackers can access and take control of users' wallets to steal funds.
As reported, by August 2023, over $900,000 worth of cryptocurrency assets had been stolen. Users of Libbitcoin Explorer 3.x are advised to stop using affected wallets immediately, transfer their funds to secure wallets, and generate new wallets using verified secure random number generation methods.




