Libbitcoin, a project that was thought to be secure, has been exposed as unsafe after hackers stole about $900,000 from various users in the last few months.
The security breach was revealed by Distrust, a security firm that detected the flaw in July with the help of some independent researchers.
They published their findings on milksad.info, a website that explains how the hackers exploited a rare vulnerability in some wallets created by the Libbitcoin explorer, or BX.
The report calls the vulnerability “Milk Sad” because those were the first two words of a seed phrase for recovering a wallet that was affected by the flaw.
The biggest theft happened on July 12, when 29.65 bitcoin (BTC), worth around $870,000 at the time, were taken from one wallet.
Distrust estimates that at least $900,000 was stolen across different blockchains from about 2,600 bitcoin wallets that were vulnerable.
The report says that hardware wallets like Trezor and Ledger were not affected, but there are still some wallets that are at risk.
