Researchers flag security concern for users of certain crypto wallets

Funds in crypto wallets made via Libbitcoin’s Bitcoin Explorer might be at risk or stolen

article-image

Voar Designs/Shutterstock, modified by Blockworks

share

A security flaw was detected in the Libbitcoin Explorer on Thursday.

The Libbitcoin Bitcoin Explorer is a command-line utility for Bitcoin-related operations, such as key generation and transaction management, eliminating the need for a full node. 

It allows developers and proficient users to engage with the Bitcoin network.

On-chain experts mentioned on X (previously Twitter) that many crypto wallets utilize Libbitcoin Explorer for generating private key entropy. 

Now, hackers appear to have discreetly siphoned funds across various blockchains.

“If you generated a wallet using Libbitcoin’s Bitcoin Explorer, including as described in the appendix to Mastering Bitcoin, your funds are at risk (or already stolen),” bitcoin technical writer David Harding said.

Loading Tweet..

Meanwhile, a crypto researcher from Johns Hopkins, Matthew Green, stated that one should assume every crypto wallet has an entropy flaw.

Researchers Anton Livaja and Ryan Haywood, among others, on Wednesday highlighted the harm caused by a Libbitcoin vulnerability, noting that malicious individuals found and exploited the flaw to siphon money from impacted wallets.

The researchers pointed out that “Mastering Bitcoin,” a guide for developers to understand bitcoin, suggests using a command called “bx seed” for wallet generation. 

This command is used in the Libbitcoin Explorer to generate random numbers for Bitcoin wallet creation and is essential for ensuring wallet security.

But if the tool relies on a frail random number generator, wallet security could plummet from robust standards like 256-bit down to a mere 32-bit, the team said.

If an attacker matches a wallet, they can access its funds and transaction history, regardless of whether the wallet is securely kept offline. The team believes that wallets created with this tool have been compromised and emptied.

The Libbitcoin team disputes the findings.

According to the researchers’ findings, the primary theft took place around July 12, 2023, but initial breaches likely started on a smaller scale in May 2023.

Another related vulnerability in different wallet software was identified in November 2022 and quickly exploited, possibly setting the stage for this recent incident.

Github activity for libbitcoin halted around the time the first suspected bug exploit occurred on the mainnet, according to one developer with a substantial following.

The team hasn’t determined who is responsible for the continuous thefts from compromised wallets.

A list of wallets potentially affected by the vulnerability was not immediately available, however according to MataMask’s Taylor Monahan, popular wallets such as MetaMask, Ledger and Trezor are not affected.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Hilton Park Lane

Tues - Wed, November 10 - 11, 2026

DAS London is a two-day summit at the Hilton Park Lane in London featuring conversations between the builders, allocators, and policy makers who are shaping the trajectory of the digital asset ecosystem in the UK, Europe, and North America.

Marina Bay Sands Singapore

Wednesday, October 07, 2026

DAS Asia is a a single-day summit at Marina Bay Sands Singapore featuring conversations between the builders, investors, and global leaders are shaping the trajectory of the digital asset ecosystem in Asia & North America.

recent research

Black Generic.png

Research

Compute demand is two-sided, the precondition for any hedging market. Producers (neoclouds and independent data centers) fear their inventory clears below cost. Consumers (inference platforms and the agentic application layer) fear compute will get more expensive. The common read holds that nonfungibility keeps both off any general exchange, since a buyer wants a named SKU in a named region rather than a basket, so the trade stays bilateral and the only exchange users are dealers hedging their book. That describes launch conditions, but understates how commodity markets form. Canonical benchmarks get made through trading, and reservations standardize as the curve deepens. The dealer-intermediated structure is not the end state, it is the seed of one.

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Blockworks Research

Unlock crypto's most powerful research platform.

Our research packs a punch and gives you actionable takeaways for each topic.

SubscribeGet in touch

Blockworks Inc.

133 W 19th St., New York, NY 10011

Blockworks Network

NewsPodcastsNewslettersEventsRoundtablesAnalytics