Notes
We publish most of our content on https://milksad.info or in one of the other repositories.
This is a small collection of notes which didn't fit anywhere else.
Resources
This list is not exhaustive; see our blog posts for more context.
Similar Research
- https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/, CVE-2023-31290
Victims & Analysis Social Media Posts
- https://www.reddit.com/r/Bitcoin/comments/157ze5i/my_bitcoin_was_taken_how/, now partially deleted
- https://www.reddit.com/r/Bitcoin/comments/158nyuo/mass_hacking_of_over_1000_bitcoin_accounts/
Potentially Related Press
Interesting Tools
Software we found during our research. We don't endorse these tools and can't vouch for them in any way.
- https://github.com/altf4/untwister
- https://github.com/Houzich/CUDA-GPU-Brute-Force-Mnemonic-Ethereum
Public Reaction to Milk Sad Disclosure
News
- https://bitcoinmagazine.com/technical/the-milk-sad-vulnerability-and-what-it-means-for-bitcoin
- https://newsletter.mollywhite.net/p/issue-36
- https://euro.dayfr.com/business/amp/666814
- https://bitcoinworld.co.in/disappearance-of-900k-puts-focus-on-vintage-bitcoin-project-libbitcoin/
- https://www.binance.com/en-IN/feed/post/2023-08-14-major-vulnerability-in-bitcoin-libbitcoin-explorer-tool-fixed-961627
- https://www.coindesk.com/tech/2023/08/14/disappearance-of-900k-puts-focus-on-vintage-bitcoin-project-libbitcoin/
- https://www.cryptopolitan.com/libbitcoin-explorers-version-3-x-faces-severe-security-breach-users-funds-endangered/
- https://coinnounce.com/vintage-bitcoin-project-libbitcoin-loses-900k/
- https://unchainedcrypto.com/milk-sad-issue-results-in-900000-stolen-from-crypto-wallets/
- https://finance.yahoo.com/news/disappearance-900k-puts-focus-vintage-020100877.html
- https://www.msn.com/en-us/news/technology/libbitcoin-explorer-s-version-3-x-faces-severe-security-breach-users-funds-endangered/ar-AA1f8wL1
- https://www.bitcoininsider.org/article/222643/crypto-security-breach-hackers-exploit-bitcoin-wallet-vulnerability-make-900k
- https://www.investing.com/news/cryptocurrency-news/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-900k--slowmist-3151825
- https://headtopics.com/us/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-900k-slowmist-42034707
- https://cointelegraph.com/news/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-funds-slow-mist
- https://www.schneier.com/blog/archives/2023/08/cryptographic-flaw-in-libbitcoin-explorer-cryptocurrency-wallet.html (no biggie)
- https://bitcoinops.org/en/newsletters/2023/08/09/
- https://www.web3isgoinggreat.com/?id=libbitcoin-vulnerability
- https://medium.com/asecuritysite-when-bob-met-alice/a-novice-mistake-meet-milk-sad-and-the-32-bit-key-ba308fb2b633
- https://thenationview.com/cryptocurrency/203129.html
- https://www.nobsbitcoin.com/milk-sad-vulnerability-disclosure/
- https://cointimes.com.br/milk-sad-1000-carteiras-de-bitcoin-roubadas-em-vulnerabilidade-que-afetou-milhoes-de-dolares-veja-se-voce-foi-comprometido/
- https://russia.postsen.com/business/amp/392963
- https://bitcoinist.com/crypto-breach-hackers-make-off-with-900k/
- https://decrypt.co/news-explorer?pinned=266091&title=libbitcoins-vulnerability-allowed-hackers-to-make-off-with-at-least-900000-in-user-funds
- https://protos.com/crypto-wallet-seeds-crackable-with-gaming-pc-via-this-security-flaw/
- https://www.securitylab.ru/news/540834.php
- https://unchainedcrypto.substack.com/p/should-sbf-have-stayed-silent
- https://www.cryptotimes.io/bug-in-libbitcoin-explorer-3-x-allows-hacker-to-steal-900k/
Videos
- https://www.youtube.com/watch?v=PHdsyG7ZoM4 (Crypto World Daily)
- https://www.youtube.com/watch?v=XKGMYii0wdA (BlockChain Caffe)
- https://www.youtube.com/watch?v=GXwpTlSBtrk (Bitcoin Review)
- https://www.youtube.com/watch?v=R37Zmx7VopY (Olaf Ihle)
- https://www.youtube.com/watch?v=3uwl5xDdc7c (pubkey nyc)
- https://www.youtube.com/watch?v=aBhr4QnjggQ (explaining bitcoin)
Podcasts
- https://poddtoppen.se/podcast/1617044319/asecuritysite-podcast/bill-buchanan-a-novice-mistake-meet-milk-sad-and-the-32-bit-key
- https://bitcoinops.org/en/podcast/2023/08/10/
Forums
- https://lobste.rs/s/mhveku/milk_sad
- https://www.metafilter.com/200276/Milk-Sad
- https://news.ycombinator.com/item?id=37054862
- https://stacker.news/items/221860
- https://www.pipiscrew.com/threads/milk-sad-weak-entropy-in-libbitcoin-bc-seed-generation.85195/#post-84070
- https://www.reddit.com/r/Bitcoin/comments/15lu8ps/milk_sad_a_practical_explanation_of_how_weak/
- https://www.reddit.com/r/CryptoCurrencyClassic/comments/15mirw5/milk_sad_vulnerability_cve202339910_in_libbitcoin/
- https://www.reddit.com/r/programmingcirclejerk/comments/15lv4md/the_bx_seed_subcommand_for_generation_of_new/
- https://www.reddit.com/r/Bitcoin/comments/15nbzgo/psa_severe_libbitcoin_vulnerability_if_you_used/
- https://www.reddit.com/r/coldcard/comments/15n9gww/milk_sad_wallet_vulnerability/
- https://www.reddit.com/r/CryptoCurrencyClassic/comments/15ngyk2/major_rng_in_seed_generation_was_disclosed/
- https://www.reddit.com/r/btc/comments/15n383k/milk_sad_vulnerability_a_practical_explanation_of/
- https://www.reddit.com/r/Electrum/comments/15npvwy/has_electrum_ever_been_exposed_to_the_milk_sad/
Git
- https://github.com/spesmilo/electrum/issues/8570
- https://github.com/bitcoinbook/bitcoinbook/issues/1082
- https://github.com/MelbourneBitDevs/MelbBitDevs/issues/9
- https://github.com/LedgerHQ/app-ethereum/issues/462
- https://github.com/LedgerHQ/app-bitcoin/issues/244
- https://github.com/libbitcoin/libbitcoin-explorer/issues/728
- https://github.com/libbitcoin/libbitcoin-explorer/issues/726
- https://github.com/libbitcoin/libbitcoin-explorer/pull/729
Fediverse
- https://www.linkedin.com/posts/alivaja_milk-sad-disclosure-activity-7094781878552973312-3sIr
- https://www.linkedin.com/posts/jnaulty_bitcoin-cryptocurrency-cryptography-activity-7094980987868106752-6DTv
- https://www.linkedin.com/posts/activity-7095248467765170177-9QEw
The website formerly known as Twitter
- https://twitter.com/SlowMist_Team/status/1689593659606630400
- https://twitter.com/klever_io/status/1679267565434986501
- https://twitter.com/cmichelio/status/1689686030457217033
- https://twitter.com/tdryja/status/1689285003782340608
- https://twitter.com/gopal_bharvad/status/1689295644261785600
- https://twitter.com/utxoclub/status/1689323302408306688?s=20
- https://twitter.com/SCBuergel/status/1689428445686792192
- https://twitter.com/midmagic/status/1689398329875300356
- https://twitter.com/bitkarrot/status/1689392632701845507
- https://twitter.com/isislovecruft/status/1689331203684577280
- https://twitter.com/JuanSGalt/status/1689321099799011337
- https://twitter.com/molly0xFFF/status/1689369708762472449
- https://twitter.com/BawdyAnarchist_/status/1689322971117101066
- https://twitter.com/hrdng/status/1689022029142560771
- https://twitter.com/JohnNaulty/status/1689225812543766528
- https://twitter.com/h0wlu/status/1689211942236303360
- https://twitter.com/drgrove92/status/1689011743786475520
- https://twitter.com/NikolRo1/status/1689294137445498881
- https://twitter.com/n1ckler/status/1689026658408259585
- https://twitter.com/BlockchainDoug/status/1689039042078248960
- https://twitter.com/SeedSigner/status/1689076185714552833
- https://twitter.com/chromatic_x/status/1689012605162319873
- https://twitter.com/thepizzaknight_/status/1689080119678095360
- https://twitter.com/mrgretzky/status/1689180158937223168
- https://twitter.com/echa_io/status/1689098730673524736
- https://twitter.com/turnkeyhq/status/1689035139773267968
- https://twitter.com/techmedia_think/status/1689145493186908161
- https://twitter.com/Ghostie0815/status/1689083719070392320
- https://twitter.com/adam3us/status/1689051705504153600
- https://twitter.com/secresDoge/status/1689209933898883072
- https://twitter.com/leashless/status/1689010029910020096
- https://twitter.com/slashbin_FR/status/1689212181059883009
- https://twitter.com/matthew_d_green/status/1689047993100410880
- https://twitter.com/jspaleta/status/1689376047127789570
- https://twitter.com/UID_/status/1689050776520273922
- https://twitter.com/katakoto/status/1689384902339526656
- https://twitter.com/brikk_/status/1689169765883940864
- https://twitter.com/jtgrassie/status/1689063057534689280
- https://twitter.com/StronkDev/status/1689046769001537537
- https://twitter.com/RSync25/status/1689213744734220288
- https://twitter.com/joemphilips/status/1689143686096146433
- https://twitter.com/isislovecruft/status/1689331203684577280?s=51