Research Updates
News on several Lost ‘n’ Found boxes full of private keys 🔑🔥
Update #11 - 38C3 Talk, Address Data, Early Code
We will soon present a Milk Sad talk at the 38C3 conference, recently released large collections of discovered weak wallet addresses, and published more of our early code.
Update #10 - Cake Wallet Vulnerability Impact
This is the second analysis article of the insecure Bitcoin wallet flaw in Cake Wallet from 2020/2021. In this iteration, we give an overview on usage statics and affected funds and present a number of graphs to visualize the overall usage.
Update #9 - Cake Wallet Technical Writeup
In this post, we’re disclosing new technical information on the Cake Wallet flaw from 2020/2021 that led to the generation and use of very insecure Bitcoin wallets.
Update #8 - Custom Rust Library Optimizations
This is a developer-focused research update on code optimizations for secp256k1
libraries.
Update #7 - Billion Dollar Wallet Range, Now Empty
In research update #2, we looked at the weak wallet generation algorithm used by vulnerable Trust Wallet (CVE-2023-31290) versions and other yet unknown wallet software. In the corresponding 128 bit private key range discussed in that research update, we had tracked down ~1000 Bitcoins worth of historical transaction volume, representing millions of dollars in cryptocurrency that had been relying on vulnerable private keys.
Astonishingly, this was just the tip of the iceberg. The 256 bit key range of the same weak generation mechanism formerly held tens of thousands of Bitcoins on extremely weak keys 🤯
Update #6 - Cake Wallet Vulnerability PSA
This post is a Public Service Announcement:
Several vulnerable versions of the cryptocurrency wallet software Cake Wallet
released in 2020-2021 created extremely weak Bitcoin wallets.
If you’re a Cake Wallet user or know someone who is, we urgently recommend checking if you
-> still use a vulnerable old wallet software version
-> still use an old and weak Bitcoin mnemonic seed generated with a vulnerable version
Affected wallets are at risk of immediate and complete loss of all Bitcoin funds.
Update #5 - Digging Into New Trust Wallet Research
Last Friday, we learned of a newly disclosed vulnerability in the Trust Wallet
software which is relevant to Milk Sad. Researchers from SECBIT Labs tracked down an older wallet generation weakness in the iOS platform version of Trust Wallet
from 2018 and connected it to the large thefts on 2023-07-12 that triggered our Milk Sad research.
Using the newly available information, we managed to reproduce some of their findings, and can give a first look at additional data we collected.
Update #4 - Affected Software: bip3x Library
We take a deep dive into the bip3x
library’s use of pseudo random number generators (PRNG) and related problems.
Update #3 - Bloom Filter, Dataset, Canaries
This research update has some information on the Bloom filter mechanism and public blockchain address data we used to find weak Bitcoin wallets. Using this technique, we were able to check several billion of potential wallets for actual usage on the blockchain without running a Bitcoin full node, or flooding other Bitcoin servers and APIs with excessive network requests.
Update #2 - Trust Wallet Ranges, Uncompressed Pubkeys
While researching the weak entropy generated by bx
using the Mersenne Twister algorithm, we learned fairly quickly that the generation algorithm is only a minor code change away from re-creating the weak wallets of the Trust Wallet
software. Naturally, we spent some time in the last months to see which weak wallets we could summon from the cryptographic realms 🔮🪄.
There is a lot to tell about new discoveries that resulted from this, so we’ll start by presenting some initial statistics and descriptions about the over 2700 weak wallet private keys in these new areas.
Update #1 - New bx Data, ETH, Service Changes
Three months have passed since discovering the explanation for the observed thefts and our intense sprint towards the initial publication of the Milk Sad
vulnerability in the blockchain-explorer bx
wallet software. By quickly publishing, we fulfilled our primary goal of telling the world about the issue - providing an explanation for affected victims, and hopefully sparing some future users from the same fate. The disclosure also raised the public profile of the weak Pseudorandom Number Generators (PRNGs) vulnerability class and underlined the catastrophic impacts it can have in the cryptocurrency world.
After the dust settled and things got back to normal, most of our team members have now turned their focus back to their day jobs and other projects.
Curiosity is a powerful motivation, though, and so a few members of the group keep digging into more details of the fallout of weak bx
keys, similar vulnerabilities involving weak private keys, and related security research that interests us.
Going forward, we will make use of individual blogposts to share new details, discoveries, and other topics we see as notable.