From 3cf95702200ec87c896654cfc45ee7d92ba6a247 Mon Sep 17 00:00:00 2001 From: Christian Reitter Date: Mon, 16 Dec 2024 11:52:54 +0100 Subject: [PATCH] Add public Milk Sad disclosure responses --- README.md | 129 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 127 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c54c6b6..c630188 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,9 @@ This is not exhaustive, see our blog posts for more context. * https://www.reddit.com/r/Bitcoin/comments/157ze5i/my_bitcoin_was_taken_how/, now partially deleted * https://www.reddit.com/r/Bitcoin/comments/158nyuo/mass_hacking_of_over_1000_bitcoin_accounts/ +### Potentially Related Press + +* https://cointelegraph.com/news/redditor-gets-lesson-after-bitcoin-paper-wallet-hacked ### Interesting Tools Software we found during our research. We don't endorse these tools and can't vouch for them in any way. 
@@ -25,6 +28,128 @@ Software we found during our research. We don't endorse these tools and can't vo * https://github.com/altf4/untwister * https://github.com/Houzich/CUDA-GPU-Brute-Force-Mnemonic-Ethereum -## Press +## Public Reaction to Milk Sad Disclosure -* https://cointelegraph.com/news/redditor-gets-lesson-after-bitcoin-paper-wallet-hacked \ No newline at end of file +### News +* https://bitcoinmagazine.com/technical/the-milk-sad-vulnerability-and-what-it-means-for-bitcoin +* https://newsletter.mollywhite.net/p/issue-36 +* https://euro.dayfr.com/business/amp/666814 +* https://bitcoinworld.co.in/disappearance-of-900k-puts-focus-on-vintage-bitcoin-project-libbitcoin/ +* https://www.binance.com/en-IN/feed/post/2023-08-14-major-vulnerability-in-bitcoin-libbitcoin-explorer-tool-fixed-961627 +* https://www.coindesk.com/tech/2023/08/14/disappearance-of-900k-puts-focus-on-vintage-bitcoin-project-libbitcoin/ +* https://www.cryptopolitan.com/libbitcoin-explorers-version-3-x-faces-severe-security-breach-users-funds-endangered/ +* https://coinnounce.com/vintage-bitcoin-project-libbitcoin-loses-900k/ +* https://unchainedcrypto.com/milk-sad-issue-results-in-900000-stolen-from-crypto-wallets/ +* https://finance.yahoo.com/news/disappearance-900k-puts-focus-vintage-020100877.html +* https://www.msn.com/en-us/news/technology/libbitcoin-explorer-s-version-3-x-faces-severe-security-breach-users-funds-endangered/ar-AA1f8wL1 +* https://www.bitcoininsider.org/article/222643/crypto-security-breach-hackers-exploit-bitcoin-wallet-vulnerability-make-900k +* https://www.investing.com/news/cryptocurrency-news/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-900k--slowmist-3151825 +* https://headtopics.com/us/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-900k-slowmist-42034707 +* https://cointelegraph.com/news/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-funds-slow-mist +* 
https://www.schneier.com/blog/archives/2023/08/cryptographic-flaw-in-libbitcoin-explorer-cryptocurrency-wallet.html (no biggie) +* https://bitcoinops.org/en/newsletters/2023/08/09/ +* https://www.web3isgoinggreat.com/?id=libbitcoin-vulnerability +* https://medium.com/asecuritysite-when-bob-met-alice/a-novice-mistake-meet-milk-sad-and-the-32-bit-key-ba308fb2b633 +* https://thenationview.com/cryptocurrency/203129.html +* https://www.nobsbitcoin.com/milk-sad-vulnerability-disclosure/ +* https://cointimes.com.br/milk-sad-1000-carteiras-de-bitcoin-roubadas-em-vulnerabilidade-que-afetou-milhoes-de-dolares-veja-se-voce-foi-comprometido/ +* https://russia.postsen.com/business/amp/392963 +* https://bitcoinist.com/crypto-breach-hackers-make-off-with-900k/ +* https://decrypt.co/news-explorer?pinned=266091&title=libbitcoins-vulnerability-allowed-hackers-to-make-off-with-at-least-900000-in-user-funds +* https://protos.com/crypto-wallet-seeds-crackable-with-gaming-pc-via-this-security-flaw/ +* https://www.securitylab.ru/news/540834.php +* https://unchainedcrypto.substack.com/p/should-sbf-have-stayed-silent +* https://www.cryptotimes.io/bug-in-libbitcoin-explorer-3-x-allows-hacker-to-steal-900k/ + +### Videos +* https://www.youtube.com/watch?v=PHdsyG7ZoM4 (Crypto World Daily) +* https://www.youtube.com/watch?v=XKGMYii0wdA (BlockChain Caffe) +* https://www.youtube.com/watch?v=GXwpTlSBtrk (Bitcoin Review) +* https://www.youtube.com/watch?v=R37Zmx7VopY (Olaf Ihle) +* https://www.youtube.com/watch?v=3uwl5xDdc7c (pubkey nyc) +* https://www.youtube.com/watch?v=GXwpTlSBtrk (bitcoin review) +* https://www.youtube.com/watch?v=aBhr4QnjggQ (explaining bitcoin) + +### Podcasts +* https://poddtoppen.se/podcast/1617044319/asecuritysite-podcast/bill-buchanan-a-novice-mistake-meet-milk-sad-and-the-32-bit-key +* https://bitcoinops.org/en/podcast/2023/08/10/ + +### Forums +* https://lobste.rs/s/mhveku/milk_sad +* https://www.metafilter.com/200276/Milk-Sad +* 
https://news.ycombinator.com/item?id=37054862 +* https://stacker.news/items/221860 +* https://www.pipiscrew.com/threads/milk-sad-weak-entropy-in-libbitcoin-bc-seed-generation.85195/#post-84070 + +### Reddit +* https://www.reddit.com/r/Bitcoin/comments/15lu8ps/milk_sad_a_practical_explanation_of_how_weak/ +* https://www.reddit.com/r/CryptoCurrencyClassic/comments/15mirw5/milk_sad_vulnerability_cve202339910_in_libbitcoin/ +* https://www.reddit.com/r/programmingcirclejerk/comments/15lv4md/the_bx_seed_subcommand_for_generation_of_new/ +* https://www.reddit.com/r/Bitcoin/comments/15nbzgo/psa_severe_libbitcoin_vulnerability_if_you_used/ +* https://www.reddit.com/r/coldcard/comments/15n9gww/milk_sad_wallet_vulnerability/ +* https://www.reddit.com/r/CryptoCurrencyClassic/comments/15ngyk2/major_rng_in_seed_generation_was_disclosed/ +* https://www.reddit.com/r/btc/comments/15n383k/milk_sad_vulnerability_a_practical_explanation_of/ +* https://www.reddit.com/r/Electrum/comments/15npvwy/has_electrum_ever_been_exposed_to_the_milk_sad/ + +### Git +* https://github.com/spesmilo/electrum/issues/8570 +* https://github.com/bitcoinbook/bitcoinbook/issues/1082 +* https://github.com/MelbourneBitDevs/MelbBitDevs/issues/9 +* https://github.com/LedgerHQ/app-ethereum/issues/462 +* https://github.com/LedgerHQ/app-bitcoin/issues/244 +* https://github.com/libbitcoin/libbitcoin-explorer/issues/728 +* https://github.com/libbitcoin/libbitcoin-explorer/issues/726 +* https://github.com/libbitcoin/libbitcoin-explorer/pull/729 + +### Fediverse +* https://mastodon.social/@lrvick/110855860330518325 + +### LinkedIn + +* https://www.linkedin.com/posts/alivaja_milk-sad-disclosure-activity-7094781878552973312-3sIr +* https://www.linkedin.com/posts/jnaulty_bitcoin-cryptocurrency-cryptography-activity-7094980987868106752-6DTv +* https://www.linkedin.com/posts/activity-7095248467765170177-9QEw + +### The website formerly known as Twitter +* https://twitter.com/SlowMist_Team/status/1689593659606630400 +* 
https://twitter.com/klever_io/status/1679267565434986501 +* https://twitter.com/cmichelio/status/1689686030457217033 +* https://twitter.com/tdryja/status/1689285003782340608 +* https://twitter.com/gopal_bharvad/status/1689295644261785600 +* https://twitter.com/utxoclub/status/1689323302408306688?s=20 +* https://twitter.com/SCBuergel/status/1689428445686792192 +* https://twitter.com/midmagic/status/1689398329875300356 +* https://twitter.com/bitkarrot/status/1689392632701845507 +* https://twitter.com/isislovecruft/status/1689331203684577280 +* https://twitter.com/JuanSGalt/status/1689321099799011337 +* https://twitter.com/molly0xFFF/status/1689369708762472449 +* https://twitter.com/BawdyAnarchist_/status/1689322971117101066 +* https://twitter.com/hrdng/status/1689022029142560771 +* https://twitter.com/JohnNaulty/status/1689225812543766528 +* https://twitter.com/h0wlu/status/1689211942236303360 +* https://twitter.com/drgrove92/status/1689011743786475520 +* https://twitter.com/NikolRo1/status/1689294137445498881 +* https://twitter.com/n1ckler/status/1689026658408259585 +* https://twitter.com/BlockchainDoug/status/1689039042078248960 +* https://twitter.com/SeedSigner/status/1689076185714552833 +* https://twitter.com/chromatic_x/status/1689012605162319873 +* https://twitter.com/thepizzaknight_/status/1689080119678095360 +* https://twitter.com/mrgretzky/status/1689180158937223168 +* https://twitter.com/echa_io/status/1689098730673524736 +* https://twitter.com/turnkeyhq/status/1689035139773267968 +* https://twitter.com/techmedia_think/status/1689145493186908161 +* https://twitter.com/Ghostie0815/status/1689083719070392320 +* https://twitter.com/adam3us/status/1689051705504153600 +* https://twitter.com/secresDoge/status/1689209933898883072 +* https://twitter.com/leashless/status/1689010029910020096 +* https://twitter.com/slashbin_FR/status/1689212181059883009 +* https://twitter.com/matthew_d_green/status/1689047993100410880 +* 
https://twitter.com/jspaleta/status/1689376047127789570 +* https://twitter.com/UID_/status/1689050776520273922 +* https://twitter.com/katakoto/status/1689384902339526656 +* https://twitter.com/brikk_/status/1689169765883940864 +* https://twitter.com/jtgrassie/status/1689063057534689280 +* https://twitter.com/StronkDev/status/1689046769001537537 +* https://twitter.com/RSync25/status/1689213744734220288 +* https://twitter.com/joemphilips/status/1689143686096146433 +* https://twitter.com/isislovecruft/status/1689331203684577280?s=51
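Review bot: In the first hunk (`@@ -18,6 +18,9 @@`), the added cointelegraph entry under `### Potentially Related Press` appears to be followed directly by the `### Interesting Tools` context line, although the new heading itself gets an added blank line after it. Add an empty line after the list entry so the list is closed before the next heading. A one-line intro saying why this article is only "potentially" related would also match the neighbouring sections, which qualify their links ("This is not exhaustive ...", "We don't endorse these tools ...").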
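Review bot: The second hunk (`@@ -25,6 +28,128 @@`) adds duplicate entries: `https://www.youtube.com/watch?v=GXwpTlSBtrk` is listed twice under `### Videos` (as "Bitcoin Review" and "bitcoin review"), and `https://twitter.com/isislovecruft/status/1689331203684577280` appears twice in the Twitter list, the second time with `?s=51`. Drop the repeats and strip the share parameters (`?s=20` on the utxoclub link, `?s=51` on the last line) so each URL is canonical and future duplicates show up in a plain sort. Three smaller points: the klever_io status ID (1679...) sits well below the 1689... range of every other tweet, so check that it belongs under reaction to the disclosure. The "(no biggie)" annotation on the schneier.com link does not say what it refers to. Only `### LinkedIn` has a blank line after its heading, so pick one convention for all the new subsections.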