A practical explanation of how weak entropy can ruin your day – and your savings.

Vulnerability CVE-2023-39910

• We discovered a cryptographic weakness in the widely utilized Libbitcoin Explorer (bx) cryptocurrency wallet tool while following up on mysterious wallet thefts.
• The bx seed subcommand for generation of new wallet private key entropy is flawed and produces insecure output.
• On Libbitcoin Explorer 3.x versions, bx seed uses the Mersenne Twister pseudorandom number generator (PRNG) initialized with 32 bits of system time.
• Bad actors have discovered this flaw and are actively exploiting it to steal funds from affected wallets on multiple blockchains.
• We have reasons to believe some Libbitcoin Explorer versions before 3.0.0 also produce weak bx seed output in some system environments.
• Think of this as securing your online bank account with a password manager that creates a long random password, but it often creates the same passwords for every user. Malicious people have figured this out and drained funds on any account they can find.

How?

• Popular documentation like “Mastering Bitcoin” suggests the usage of bx seed for wallet generation.
• Secure cryptography requires a source of large, non-guessable numbers. If the random number generator is weak, the resulting cryptographic usage is almost always compromised.
• For technical people: in this case, practical wallet security is reduced from 128 bit, 192 bit or 256 bit to a mere 32 bit of unknown key information.
• A 32 bit key space is 2^32, or 4,294,967,296 different unique combinations of derived BIP39 mnemonic phrases or other key formats (BIP32). Spoiler: That’s not as many combinations as it sounds.