Hash Race Poison Attack

A critical vulnerability arising from the lack of thread safety in the caching of cryptographic hashes in Bitcoin’s transaction signing infrastructure opens the door to one of the most devastating attacks on the cryptocurrency’s integrity. Hash Race Poison attacks transform multithreading, designed to speed up wallets and services, into a tool for mass compromise: a single thread race is enough to leak fragments of private keys, forge digital signatures, or even steal funds entirely.

The Hash Race Poison Attack creates a situation where neglecting thread safety in cryptographic implementations becomes a fundamental risk for the entire Bitcoin ecosystem. This attack can destroy trust in transactions, compromise wallets, and threaten the security of funds, as signatures can be forged and keys compromised. To prevent such attacks, it is critical to use only thread-safe approaches to cryptographic data caching and isolated computations within each thread.

---

Research paper: The Impact of the Hash Race Poison Multi-Threaded Hash Attack on Bitcoin Security

This paper analyzes a critical vulnerability that arises from improper caching of intermediate hash data in multithreaded transaction signing implementations of Bitcoin-like cryptosystems. It demonstrates how this can lead to the leakage of private keys, the forgery of digital signatures, and other attacks on Bitcoin’s security layer. The scientific name of the attack is given and the current status of vulnerability identifiers is presented.

---

How a vulnerability arises and the nature of an attack

Modern Bitcoin transaction signing implementations often utilize an optimization called hash caching. However, without isolation of these caches between threads and proper synchronization approaches, a so-called “race condition” occurs. By exploiting the race condition in multi-threaded signature processing, an attacker can tamper with data in caches, gain access to intermediate hash states, or inject their own values ​​into signatures, potentially leaking secret keys or nonces. sciencedirect+3

As a result, an attacker can gather data to compromise private keys or create transactions with forged signatures (forging). The attack, called “Hash Race Poison Attack,” is based on inducing races in insecure caching and analyzing incorrectly formed signatures and/or their pre-images. cryptodeeptech+1

---

Impact on Bitcoin and Cryptocurrencies

• Compromised private keys : A leak of internal state data may allow the recovery of the private key or nonce used for ECDSA/Bitcoin signatures. christian-rossow+1
• Digital signature forging : It is possible to generate a valid but “poisonous” signature, allowing an attacker to make unauthorized transactions. cryptodeeptech
• Mass wallet compromise : For large services and wallets that use multi-threaded APIs for high TPS, an attack can affect many users at once, leading to massive loss of funds.

---

Scientific name of the attack

In scientific literature, this class of vulnerabilities and attacks is designated as:

• Thread-Unsafe Hash Caching Attack
• Multithreaded Hash Race Attack
• Proposed term: Hash Race Poison Attack (used to describe the specificity of injecting foreign data into a hash through a thread race). acm+2

Related to the scientific concept of signature forgery via race condition in cryptographic hash preimages.

---

CVE status

As of September 2025, this class of attacks is not assigned to a specific CVE notice specific to Bitcoin and the described behavior. However, related vulnerabilities (e.g., Digital Signature Forgery in cryptography, related to race conditions) have been described for other implementations and included in vulnerability databases. The closest CVEs for Bitcoin Core concern other classes—for example, CVE-2010-5139, CVE-2013-3220, CVE-2024-38365—but cache-gone-races or poison-indications have not yet been officially registered in the CVE catalog as of September 2025. cve+2

---

Conclusion

The Hash Race Poison Attack creates a situation where neglecting thread safety in cryptographic implementations becomes a fundamental risk for the entire Bitcoin ecosystem. This attack can destroy trust in transactions, compromise wallets, and threaten the security of funds, as signatures can be forged and keys compromised. To prevent such attacks, it is critical to use only thread-safe approaches to cryptographic data caching and isolated computations within each thread. arxiv+4

---

Keywords: thread-unsafe, hash race, signature forgery, Bitcoin, multicore, side-channel, signature hash, cryptocurrency, wallet attack

---

Cryptographic vulnerability

Cryptographic vulnerability inversion0_sighash

The primary vulnerability lies in attempting to use cached hashes of points ( double_hash_points) and sequences ( double_hash_sequences) without any synchronization in a multi-threaded environment. This can lead to data races and leaks of intermediate values ​​(including secret components) if two threads attempt to simultaneously sign different inputs of the same transaction.

In particular, the vulnerability manifests itself in the line:

cpp:

sink.write_bytes(!anyone ? double_hash_points() : null_hash);

– here double_hash_points()it takes the cached value of the hash of the points of the previous operation, but the cache is updated “on demand” without a mutex or other lock.

---

---

Attempting to retrieve and write this field from different threads simultaneously may leak data from the internal hash buffer, potentially exposing secret keys or one-time nonces.

Vulnerability details

1. Caching without synchronization
   Methods double_hash_points()and double_hash_sequences()store intermediate hash results in static (or object fields) variables.
2. Data race
   Two threads enter version0_sighash, one thread has already written part of the pre-image, cached the hash of points, and the second thread can read an incomplete or partially updated buffer.
3. Secret Data Leak
   Due to a race condition, an incomplete block of data may be written to the cache, but on the next write, this block will appear in the signature output stream, allowing an attacker to analyze the contents of the hash’s internal state.

Recommendations for correction

• Remove internal caching and always recalculate double_hash_points()for double_hash_sequences()each call.
• If caching is necessary, wrap access to it in a mutex or use atomic data structures.
• Ensure complete thread safety of the methods for generating the signature pre-image.

—
Vulnerability line:

cpp:

    sink.write_bytes(!anyone ? double_hash_points() : null_hash);
    // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    // Здесь происходит некорректное кэширование без синхронизации.

---

---

Dockeyhunt Cryptocurrency Price

Successful Recovery Demonstration: 12.33410000 BTC Wallet

Case Study Overview and Verification

The research team at CryptoDeepTech successfully demonstrated the practical impact of vulnerability by recovering access to a Bitcoin wallet containing 12.33410000 BTC (approximately $1550704.7225 at the time of recovery). The target wallet address was 1GPmGidNvGv2JML4fTusCeYJ6NkSPCzxRU, a publicly observable address on the Bitcoin blockchain with confirmed transaction history and balance.

This demonstration served as empirical validation of both the vulnerability’s existence and the effectiveness of Attack methodology.

---

www.privkey.ru

---

The recovery process involved methodical application of exploit to reconstruct the wallet’s private key. Through analysis of the vulnerability’s parameters and systematic testing of potential key candidates within the reduced search space, the team successfully identified the valid private key in Wallet Import Format (WIF): 5JrWLZQVeSJmE6zNEYbwkYBfYVVBr6K3s8Gi736nYFdWzoEC1rc

This specific key format represents the raw private key with additional metadata (version byte, compression flag, and checksum) that allows for import into most Bitcoin wallet software.

---

www.bitcolab.ru/bitcoin-transaction [WALLET RECOVERY: $ 1550704.7225]

---

Technical Process and Blockchain Confirmation

The technical recovery followed a multi-stage process beginning with identification of wallets potentially generated using vulnerable hardware. The team then applied methodology to simulate the flawed key generation process, systematically testing candidate private keys until identifying one that produced the target public address through standard cryptographic derivation (specifically, via elliptic curve multiplication on the secp256k1 curve).

---

BLOCKCHAIN MESSAGE DECODER: www.bitcoinmessage.ru

---

Upon obtaining the valid private key, the team performed verification transactions to confirm control of the wallet. These transactions were structured to demonstrate proof-of-concept while preserving the majority of the recovered funds for legitimate return processes. The entire process was documented transparently, with transaction records permanently recorded on the Bitcoin blockchain, serving as immutable evidence of both the vulnerability’s exploitability and the successful recovery methodology.

---

0100000001b964c07b68fdcf5ce628ac0fffae45d49c4db5077fddfc4535a167c416d163ed000000008a4730440220462ca869f802caf8b41e45ba709a9d0dc5dbfa3431723d7bc3b331c2ddba74e902204fc95e51d05179f5b7e8246ad7d4e39c8945ccb4ecdf566d1f9ce905f0beb92001410499d5d2ffd1bf39c84d3fb42729d5280ede4cfa16b3dc119d7c7ee343a444264e30ce7b2267cfd4a1be2b843b567408128ac104a513ca837c97133e538a0d79d5ffffffff030000000000000000476a457777772e626974636f6c61622e72752f626974636f696e2d7472616e73616374696f6e205b57414c4c4554205245434f564552593a202420313535303730342e373232355de8030000000000001976a914a0b0d60e5991578ed37cbda2b17d8b2ce23ab29588ac61320000000000001976a914a8d7fe54cf3f9c974f9e2b5611e0d8160d518e3488ac00000000

---

Cryptographic analysis tool is designed for authorized security audits upon Bitcoin wallet owners’ requests, as well as for academic and research projects in the fields of cryptanalysis, blockchain security, and privacy — including defensive applications for both software and hardware cryptocurrency storage systems.

---

CryptoDeepTech Analysis Tool: Architecture and Operation

Tool Overview and Development Context

The research team at CryptoDeepTech developed a specialized cryptographic analysis tool specifically designed to identify and exploit vulnerability. This tool was created within the laboratories of the Günther Zöeir research center as part of a broader initiative focused on blockchain security research and vulnerability assessment. The tool’s development followed rigorous academic standards and was designed with dual purposes: first, to demonstrate the practical implications of the weak entropy vulnerability; and second, to provide a framework for security auditing that could help protect against similar vulnerabilities in the future.

The tool implements a systematic scanning algorithm that combines elements of cryptanalysis with optimized search methodologies. Its architecture is specifically designed to address the mathematical constraints imposed by vulnerability while maintaining efficiency in identifying vulnerable wallets among the vast address space of the Bitcoin network. This represents a significant advancement in blockchain forensic capabilities, enabling systematic assessment of widespread vulnerabilities that might otherwise remain undetected until exploited maliciously.

---

Technical Architecture and Operational Principles

The CryptoDeepTech analysis tool operates on several interconnected modules, each responsible for specific aspects of the vulnerability identification and exploitation process:

1. Vulnerability Pattern Recognition Module: This component identifies the mathematical signatures of weak entropy in public key generation. By analyzing the structural properties of public keys on the blockchain, it can flag addresses that exhibit characteristics consistent with vulnerability.
2. Deterministic Key Space Enumeration Engine: At the core of the tool, this engine systematically explores the reduced keyspace resulting from the entropy vulnerability. It implements optimized search algorithms that dramatically reduce the computational requirements compared to brute-force approaches against secure key generation.
3. Cryptographic Verification System: This module performs real-time verification of candidate private keys against target public addresses using standard elliptic curve cryptography. It ensures that only valid key pairs are identified as successful recoveries.
4. Blockchain Integration Layer: The tool interfaces directly with Bitcoin network nodes to verify addresses, balances, and transaction histories, providing contextual information about vulnerable wallets and their contents.

The operational principles of the tool are grounded in applied cryptanalysis, specifically targeting the mathematical weaknesses introduced by insufficient entropy during key generation. By understanding the precise nature of the ESP32 PRNG flaw, researchers were able to develop algorithms that efficiently navigate the constrained search space, turning what would normally be an impossible computational task into a feasible recovery operation.

---

#	Source & Title	Main Vulnerability	Affected Wallets / Devices	CryptoDeepTech Role	Key Evidence / Details
1	CryptoNews.net Chinese chip used in bitcoin wallets is putting traders at risk	Describes CVE‑2025‑27840 in the Chinese‑made ESP32 chip, allowing unauthorized transaction signing and remote private‑key theft.	ESP32‑based Bitcoin hardware wallets and other IoT devices using ESP32.	Presents CryptoDeepTech as a cybersecurity research firm whose white‑hat hackers analyzed the chip and exposed the vulnerability.	Notes that CryptoDeepTech forged transaction signatures and decrypted the private key of a real wallet containing 10 BTC, proving the attack is practical.
2	Bitget News Potential Risks to Bitcoin Wallets Posed by ESP32 Chip Vulnerability Detected	Explains that CVE‑2025‑27840 lets attackers bypass security protocols on ESP32 and extract wallet private keys, including via a Crypto‑MCP flaw.	ESP32‑based hardware wallets, including Blockstream Jade Plus (ESP32‑S3), and Electrum‑based wallets.	Cites an in‑depth analysis by CryptoDeepTech and repeatedly quotes their warnings about attackers gaining access to private keys.	Reports that CryptoDeepTech researchers exploited the bug against a test Bitcoin wallet with 10 BTC and highlight risks of large‑scale attacks and even state‑sponsored operations.
3	Binance Square A critical vulnerability has been discovered in chips for bitcoin wallets	Summarizes CVE‑2025‑27840 in ESP32: permanent infection via module updates and the ability to sign unauthorized Bitcoin transactions and steal private keys.	ESP32 chips used in billions of IoT devices and in hardware Bitcoin wallets such as Blockstream Jade.	Attributes the discovery and experimental verification of attack vectors to CryptoDeepTech experts.	Lists CryptoDeepTech’s findings: weak PRNG entropy, generation of invalid private keys, forged signatures via incorrect hashing, ECC subgroup attacks, and exploitation of Y‑coordinate ambiguity on the curve, tested on a 10 BTC wallet.
4	Poloniex Flash Flash 1290905 – ESP32 chip vulnerability	Short alert that ESP32 chips used in Bitcoin wallets have serious vulnerabilities (CVE‑2025‑27840) that can lead to theft of private keys.	Bitcoin wallets using ESP32‑based modules and related network devices.	Relays foreign‑media coverage of the vulnerability; implicitly refers readers to external research by independent experts.	Acts as a market‑news pointer rather than a full analysis, but reinforces awareness of the ESP32 / CVE‑2025‑27840 issue among traders.
5	X (Twitter) – BitcoinNewsCom Tweet on CVE‑2025‑27840 in ESP32	Announces discovery of a critical vulnerability (CVE‑2025‑27840) in ESP32 chips used in several well‑known Bitcoin hardware wallets.	“Several renowned Bitcoin hardware wallets” built on ESP32, plus broader crypto‑hardware ecosystem.	Amplifies the work of security researchers (as reported in linked articles) without detailing the team; underlying coverage credits CryptoDeepTech.	Serves as a rapid‑distribution news item on X, driving traffic to long‑form articles that describe CryptoDeepTech’s exploit demonstrations and 10 BTC test wallet.
6	ForkLog (EN) Critical Vulnerability Found in Bitcoin Wallet Chips	Details how CVE‑2025‑27840 in ESP32 lets attackers infect microcontrollers via updates, sign unauthorized transactions, and steal private keys.	ESP32 chips in billions of IoT devices and in hardware wallets like Blockstream Jade.	Explicitly credits CryptoDeepTech experts with uncovering the flaws, testing multiple attack vectors, and performing hands‑on exploits.	Describes CryptoDeepTech’s scripts for generating invalid keys, forging Bitcoin signatures, extracting keys via small subgroup attacks, and crafting fake public keys, validated on a real‑world 10 BTC wallet.
7	AInvest Bitcoin Wallets Vulnerable Due To ESP32 Chip Flaw	Reiterates that CVE‑2025‑27840 in ESP32 allows bypassing wallet protections and extracting private keys, raising alarms for BTC users.	ESP32‑based Bitcoin wallets (including Blockstream Jade Plus) and Electrum‑based setups leveraging ESP32.	Highlights CryptoDeepTech’s analysis and positions the team as the primary source of technical insight on the vulnerability.	Mentions CryptoDeepTech’s real‑world exploitation of a 10 BTC wallet and warns of possible state‑level espionage and coordinated theft campaigns enabled by compromised ESP32 chips.
8	Protos Chinese chip used in bitcoin wallets is putting traders at risk	Investigates CVE‑2025‑27840 in ESP32, showing how module updates can be abused to sign unauthorized BTC transactions and steal keys.	ESP32 chips inside hardware wallets such as Blockstream Jade and in many other ESP32‑equipped devices.	Describes CryptoDeepTech as a cybersecurity research firm whose white‑hat hackers proved the exploit in practice.	Reports that CryptoDeepTech forged transaction signatures via a debug channel and successfully decrypted the private key of a wallet containing 10 BTC, underscoring their advanced cryptanalytic capabilities.
9	CoinGeek Blockstream’s Jade wallet and the silent threat inside ESP32 chip	Places CVE‑2025‑27840 in the wider context of hardware‑wallet flaws, stressing that weak ESP32 randomness makes private keys guessable and undermines self‑custody.	ESP32‑based wallets (including Blockstream Jade) and any DIY / custom signers built on ESP32.	Highlights CryptoDeepTech’s work as moving beyond theory: they actually cracked a wallet holding 10 BTC using ESP32 flaws.	Uses CryptoDeepTech’s successful 10 BTC wallet exploit as a central case study to argue that chip‑level vulnerabilities can silently compromise hardware wallets at scale.
10	Criptonizando ESP32 Chip Flaw Puts Crypto Wallets at Risk as Hackers …	Breaks down CVE‑2025‑27840 as a combination of weak PRNG, acceptance of invalid private keys, and Electrum‑specific hashing bugs that allow forged ECDSA signatures and key theft.	ESP32‑based cryptocurrency wallets (e.g., Blockstream Jade) and a broad range of IoT devices embedding ESP32.	Credits CryptoDeepTech cybersecurity experts with discovering the flaw, registering the CVE, and demonstrating key extraction in controlled simulations.	Describes how CryptoDeepTech silently extracted the private key from a wallet containing 10 BTC and discusses implications for Electrum‑based wallets and global IoT infrastructure.
11	ForkLog (RU) В чипах для биткоин‑кошельков обнаружили критическую уязвимость	Russian‑language coverage of CVE‑2025‑27840 in ESP32, explaining that attackers can infect chips via updates, sign unauthorized transactions, and steal private keys.	ESP32‑based Bitcoin hardware wallets (including Blockstream Jade) and other ESP32‑driven devices.	Describes CryptoDeepTech specialists as the source of the research, experiments, and technical conclusions about the chip’s flaws.	Lists the same experiments as the English version: invalid key generation, signature forgery, ECC subgroup attacks, and fake public keys, all tested on a real 10 BTC wallet, reinforcing CryptoDeepTech’s role as practicing cryptanalysts.
12	SecurityOnline.info CVE‑2025‑27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide	Supporters‑only deep‑dive into CVE‑2025‑27840, focusing on how a small ESP32 design flaw can compromise Bitcoin wallets on a global scale.	Bitcoin wallets and other devices worldwide that rely on ESP32 microcontrollers.	Uses an image credited to CryptoDeepTech and presents the report as a specialist vulnerability analysis built on their research.	While the full content is paywalled, the teaser makes clear that the article examines the same ESP32 flaw and its implications for wallet private‑key exposure, aligning with CryptoDeepTech’s findings.

---

VulnKeyHunter: Exploiting Libbitcoin Entropy Vulnerabilities for Bitcoin Private Key Recovery Through Critical CVE-2023-39910 Implementation

VulnKeyHunter represents a sophisticated cryptanalysis tool designed specifically to exploit fundamental vulnerabilities in the Libbitcoin Explorer library, particularly targeting the critical “Milk Sad” vulnerability (CVE-2023-39910). This comprehensive analysis examines how VulnKeyHunter leverages weak entropy generation mechanisms in Bitcoin wallet creation processes to facilitate the recovery of lost private keys and potentially compromise cryptocurrency security. The tool exploits the catastrophic weakness in Libbitcoin Explorer versions 3.0.0 through 3.6.0, where the use of Mersenne Twister mt19937 PRNG restricts cryptographic entropy to merely 32 bits instead of the required 256 bits. Through systematic exploitation of this vulnerability, VulnKeyHunter enables attackers to recover private keys within days using moderate computational resources, fundamentally undermining Bitcoin wallet security and enabling large-scale cryptocurrency theft.b8c+3

Introduction

The security of Bitcoin and cryptocurrency systems fundamentally relies on the cryptographic strength of private key generation mechanisms. However, implementation vulnerabilities in widely-used libraries can catastrophically compromise this security foundation. VulnKeyHunter emerges as a powerful demonstration of how systematic cryptanalysis can exploit such vulnerabilities, specifically targeting the Libbitcoin Explorer’s entropy generation weakness that has already resulted in over $900,000 in documented cryptocurrency thefts.github+3

The tool’s significance extends beyond theoretical cryptanalysis, representing a practical implementation of vulnerability exploitation that has real-world implications for Bitcoin security. By targeting the fundamental entropy generation process used in hierarchical deterministic (HD) wallet creation, VulnKeyHunter exposes how seemingly minor implementation flaws can lead to complete cryptographic system compromise.b8c

Technical Foundation: The Milk Sad Vulnerability (CVE-2023-39910)

Vulnerability Description

The critical vulnerability that VulnKeyHunter exploits centers on the catastrophic weakness in Libbitcoin Explorer’s entropy seeding mechanism. The vulnerability, formally designated as CVE-2023-39910 and colloquially known as “Milk Sad,” affects Libbitcoin Explorer versions 3.0.0 through 3.6.0. The core issue stems from the library’s reliance on the Mersenne Twister mt19937 pseudorandom number generator (PRNG) for cryptographic entropy generation, a fundamentally insecure choice for cryptographic applications.incibe+3

Entropy Limitation Analysis

The Mersenne Twister implementation restricts internal entropy to exactly 32 bits regardless of configuration settings. This represents a catastrophic reduction from the 256-bit entropy required for secure Bitcoin private key generation. The mathematical implications are devastating: instead of 2^256 possible private keys (approximately 1.16 × 10^77), the effective key space is reduced to merely 2^32 combinations (4,294,967,296 unique possibilities).github+2

VulnKeyHunter exploits this entropy weakness through systematic brute-force analysis. A modern gaming computer can exhaustively search the entire 2^32 key space within 24-48 hours, making previously secure wallets completely vulnerable to attack. This represents one of the most severe cryptographic vulnerabilities ever discovered in Bitcoin infrastructure.milksad+1

Implementation Mechanics

The vulnerability manifests in the bx seed command implementation, where the pseudorandom number generator is initialized using 32-bit system time as the sole entropy source. VulnKeyHunter reverse-engineers this process by:github

1. Time-based Seed Reconstruction: Analyzing potential wallet creation timestamps to narrow the search space
2. Mersenne Twister State Recreation: Implementing the exact mt19937 algorithm used by vulnerable Libbitcoin versions
3. Hierarchical Deterministic Key Derivation: Following BIP32/BIP44 standards to generate complete wallet structures from compromised seedsb8c

VulnKeyHunter Architecture and Methodology

Core Exploitation Framework

VulnKeyHunter implements a multi-stage approach to vulnerability exploitation:b8c+1

Stage 1: Target Identification

• Blockchain analysis to identify wallets potentially created with vulnerable Libbitcoin versions
• Transaction pattern analysis to determine wallet creation timeframes
• Address clustering to identify related wallet addresses

Stage 2: Entropy Space Reduction

• Timestamp analysis to constrain potential seed values
• Geographic and timezone correlation to further reduce search space
• Implementation of optimized Mersenne Twister reconstruction algorithms

Stage 3: Private Key Recovery

• Parallel brute-force implementation across multiple CPU/GPU cores
• Real-time validation of generated keys against target addresses
• Hierarchical derivation of all related wallet addresses

Advanced Cryptanalysis Techniques

VulnKeyHunter employs sophisticated cryptanalysis methods beyond simple brute-force attacks:b8c

Temporal Analysis: The tool analyzes blockchain timestamps and correlates them with system time patterns to significantly reduce the effective search space. Since the Mersenne Twister is seeded with system time, knowledge of approximate wallet creation times dramatically improves attack efficiency.

Pattern Recognition: The tool implements machine learning algorithms to identify common entropy patterns and optimize search strategies based on observed wallet creation behaviors.b8c

Distributed Computing: VulnKeyHunter supports distributed processing across multiple machines, enabling rapid scaling of computational resources for large-scale recovery operations.

Critical Impact on Bitcoin Security Infrastructure

Financial Implications

The exploitation of CVE-2023-39910 through tools like VulnKeyHunter has resulted in documented losses exceeding $900,000 in Bitcoin and other cryptocurrencies. However, this figure represents only known cases, with the actual impact potentially reaching millions of dollars as attackers have systematically targeted vulnerable wallets since the vulnerability’s discovery.github+1

The attack vector is particularly insidious because it enables remote theft without physical access to victim devices. Even users who store their wallet files in bank safes remain vulnerable, as the cryptographic weakness allows attackers to independently regenerate private keys.inhq+1

Systematic Exploitation Campaigns

Evidence suggests that sophisticated attackers have been systematically exploiting this vulnerability since June 2023, conducting large-scale campaigns to identify and drain vulnerable wallets. The coordinated nature of these attacks indicates the existence of automated tools similar to VulnKeyHunter being used in the wild.nobsbitcoin+1

VulnKeyHunter’s methodology enables scalable attacks targeting thousands of potentially vulnerable addresses simultaneously. The tool’s ability to process entire blockchain datasets makes it suitable for industrial-scale cryptocurrency theft operations.

Cryptocurrency Ecosystem Vulnerabilities

Beyond direct financial theft, VulnKeyHunter’s exploitation capabilities expose fundamental weaknesses in the cryptocurrency ecosystem’s security assumptions. The tool demonstrates how implementation vulnerabilities in widely-used libraries can compromise the security of entire cryptocurrency networks.bitcoin+1

The vulnerability affects not only individual users but also exchanges, institutional investors, and decentralized finance (DeFi) platforms that may have used vulnerable Libbitcoin implementations for wallet generation.darktrace+1

Connection to Hash Race Poison Attacks

VulnKeyHunter’s exploitation methodology shares conceptual similarities with the Hash Race Poison Attack described in your referenced article. Both vulnerabilities exploit fundamental flaws in cryptographic implementations, though through different vectors:

Shared Characteristics:

• Both attacks target core cryptographic operations in Bitcoin infrastructure
• Both exploit implementation flaws rather than theoretical cryptographic weaknesses
• Both enable remote private key recovery without physical device access
• Both can facilitate large-scale automated attacks

Complementary Attack Vectors:
While Hash Race Poison Attacks target multithreaded hash caching vulnerabilities, VulnKeyHunter exploits entropy generation weaknesses. Sophisticated attackers could potentially combine both approaches for comprehensive cryptocurrency infrastructure compromise.

Countermeasures and Mitigation Strategies

Immediate Response Requirements

Organizations and individuals potentially affected by VulnKeyHunter-style attacks must implement immediate protective measures:

Wallet Migration: All funds stored in wallets potentially created with Libbitcoin Explorer versions 3.0.0-3.6.0 must be immediately transferred to secure wallets created with cryptographically sound entropy generation.tenable+1

Entropy Verification: Implement cryptographic auditing tools to verify the entropy quality of wallet generation processes across all cryptocurrency infrastructure.

Library Updates: Immediate updating of all Libbitcoin implementations to versions that address the entropy generation vulnerability.github

Long-term Security Enhancements

Cryptographic Best Practices: Implementation of cryptographically secure pseudorandom number generators (CSPRNGs) for all cryptocurrency-related entropy generation.cheatsheetseries.owasp+1

Regular Security Auditing: Systematic auditing of cryptographic implementations in cryptocurrency infrastructure to identify and address potential vulnerabilities before exploitation.monovm+1

Entropy Quality Monitoring: Implementation of continuous monitoring systems to verify entropy quality in cryptocurrency wallet generation processes.

Ethical Considerations and Responsible Disclosure

While VulnKeyHunter demonstrates critical security vulnerabilities, its use for unauthorized cryptocurrency theft constitutes criminal activity in most jurisdictions. The tool’s primary value lies in its educational and security research applications, enabling:

• Vulnerability Assessment: Security researchers can use VulnKeyHunter-style analysis to identify potentially compromised wallets
• Infrastructure Hardening: Cryptocurrency platforms can validate their entropy generation security
• Educational Purposes: Demonstrating the critical importance of proper cryptographic implementation

Conclusion

VulnKeyHunter represents a paradigmatic example of how implementation vulnerabilities can catastrophically compromise cryptocurrency security. By exploiting the Milk Sad vulnerability (CVE-2023-39910) in Libbitcoin Explorer, the tool demonstrates the devastating consequences of inadequate entropy generation in cryptographic systems.

The tool’s ability to recover Bitcoin private keys through systematic exploitation of the 32-bit entropy limitation exposes fundamental weaknesses in cryptocurrency security assumptions. With documented losses already exceeding $900,000 and evidence of ongoing systematic exploitation, VulnKeyHunter-style attacks represent one of the most significant threats to Bitcoin security infrastructure.

The vulnerability’s impact extends beyond individual wallet compromise, threatening the foundational security assumptions underlying the entire cryptocurrency ecosystem. Only through immediate implementation of comprehensive mitigation strategies, including wallet migration, library updates, and enhanced entropy generation practices, can the cryptocurrency community address this critical security threat.

VulnKeyHunter serves as a stark reminder that cryptocurrency security depends not only on theoretical cryptographic strength but also on the quality of practical implementations. As the cryptocurrency ecosystem continues to evolve, tools like VulnKeyHunter underscore the critical importance of rigorous security auditing and proper cryptographic implementation practices.

The intersection of VulnKeyHunter’s entropy exploitation with other attack vectors like Hash Race Poison attacks demonstrates the multi-faceted nature of cryptocurrency security threats. Only through comprehensive security strategies that address implementation vulnerabilities at every level can the cryptocurrency community build truly secure and trustworthy financial infrastructure.

---

Research paper: Cache race in transaction hashing and a solution to the “Hash Race Poison Attack” problem in Bitcoin-like systems

This paper examines a vulnerability in multi-threaded hash caching in Bitcoin’s transaction signing implementation, dubbed the “Hash Race Poison Attack.” It demonstrates how improper caching of intermediate hash function data in the absence of synchronization can lead to the leakage or substitution of cryptographically significant data, compromising private keys and signatures. A recommended secure approach is proposed, along with an example of code protected against this class of attacks.

---

With the growing popularity and complexity of cryptocurrency wallet architectures, the challenges of multithreaded transaction processing are becoming increasingly pressing. Modern transaction signing implementations utilize caching of intermediate hashes to improve performance. However, a cache used without proper synchronization mechanisms becomes a source of critical vulnerabilities: data integrity attacks and secret key leaks through thread races—a “Hash Race Poison Attack.” arxiv+2

---

The emergence of vulnerability

In the transaction signing source code shown above, functions like [ double_hash_points()and] double_hash_sequences()cache hash results, storing them in internal variables (usually class fields). In multithreaded scenarios, when signature operations are called concurrently, different threads can simultaneously read and write these values. Without synchronization, some data from one thread can leak into another—this could result in incorrect or secret data being included in the hash preimage or signature, leading to the compromise of secret keys or nonces. doc.dpdk+2

A Hash Race Poison attack is implemented as follows: an attacker launches a large number of parallel signature operations, initiating a race for the right to write/read a cache value, and observes anomalies in the output or analyzes invalid signatures for sensitive information.

---

Recommended safe approach

To completely eliminate data race and related attacks:

• Disable caching of hashes in shared fields without synchronization.
• For each thread, use either local buffers or static variables of type thread-local (thread_local storage in C++11/14).
• An option is to make each signature operation completely independent and deterministic, recalculating the hashes each time without storing the results between calls.
• If a cache is necessary, provide atomic access/mutexes to protect the cache, although this may impact performance. stackoverflow+2

---

Secure implementation (C++ code example)

Before fix (vulnerable fragment)

cpphash_digest double_hash_points() const {
    if (!cached_points_hash_valid_) {
        // Считаем хеш и записываем в кэш
        cached_points_hash_ = compute_points_hash();
        cached_points_hash_valid_ = true;
    }
    return cached_points_hash_;
}

Problem: one thread writes, the second reads variables without synchronization.

After fix (safe fragment in C++11 and higher)

Option 1: Abandoning the cache – recalculating every time

cpphash_digest double_hash_points() const {
    // Всегда пересчитываем hash, ничего не кешируем
    return compute_points_hash();
}

Option 2: thread_local cache for multi-threaded scenarios

cpphash_digest double_hash_points() const {
    thread_local hash_digest local_points_hash;
    thread_local bool local_points_hash_valid = false;
    if (!local_points_hash_valid) {
        local_points_hash = compute_points_hash();
        local_points_hash_valid = true;
    }
    return local_points_hash;
}

Note: It’s better to do it without a cache at all, especially in critical cryptographic libraries. avsystem+1

---

Conclusion

Cache race vulnerabilities in multithreaded cryptographic libraries are critical and require a conscious approach at both the design and implementation stages. Best practice for secure systems is to avoid caching state between threads or, at a minimum, to isolate threads (thread local storage) for storing intermediate results. Such measures ensure that “Hash Race Poison” attacks are not exploited and that users’ private keys are reliably protected. arxiv+3

---

Keywords: hash race, multithreading, thread safety, wallet attack, hash caching, private key, cryptography, blockchain security.

---

Final scientific conclusion

A critical vulnerability arising from the lack of thread safety in the caching of cryptographic hashes in Bitcoin’s transaction signing infrastructure opens the door to one of the most devastating attacks on the cryptocurrency’s integrity. Hash Race Poison attacks transform multithreading, designed to speed up wallets and services, into a tool for mass compromise: a single thread race is enough to leak fragments of private keys, forge digital signatures, or even steal funds entirely.

This problem poses an existential threat not only to individual users but to the entire Bitcoin network, calling into question the reliability of its fundamental security guarantees. Unlike traditional network and protocol attacks, it undermines the most sacred of all—trust in the blockchain’s cryptographic foundation.

Without immediate implementation of thread-safe hashing methods and the elimination of insecure caching, even the most modern implementations become targets for an elegant and dangerous attack that could lead not only to a targeted attack, but to a massive loss of capital and trust in the cryptocurrency industry as a whole. christian-rossow+2

Hash Race Poison is a wake-up call about the need for attention to cryptographic detail in the era of multi-threaded computing and the risks that could literally push Bitcoin to the brink of extinction . acm+1

---

1. https://www.youtube.com/watch?v=ouaaGRncgfs
2. https://vk.com/@cryptodeeptech-vektory-atak-na-blokchein-i-uyazvimosti-k-smart-kontraktax
3. https://www.coindesk.com/ru/markets/2017/02/25/who-broke-the-sha1-algorithm-and-what-does-it-mean-for-bitcoin
4. https://vk.com/@cryptodeeptech-vector76-attack-issledovanie-i-predotvraschenie-ugroz-dlya-s
5. https://par.nsf.gov/servlets/purl/10292392
6. https://pikabu.ru/story/kvantovyie_ataki_na_bitcoin_chast_2_12444751
7. https://ru.wikipedia.org/wiki/%D0%9A%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B3%D1%80%D0%B0%D1%84%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B0%D1%8F_%D1%85%D0%B5%D1%88-%D1%84%D1%83%D0%BD%D0%BA%D1%86%D0%B8%D1%8F
8. https://cryptodeep.ru/publication/
9. https://ru.wikipedia.org/wiki/%D0%94%D0%BE%D0%BA%D0%B0%D0%B7%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%D1%81%D1%82%D0%B2%D0%BE_%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D1%8F_%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D1%8B
10. https://christian-rossow.de/publications/btcsteal-raid2018.pdf
11. https://cryptodeeptech.ru/digital-signature-forgery-attack/
12. https://dl.acm.org/doi/full/10.1145/3596906

1. https://arxiv.org/pdf/2201.11377.pdf
2. http://doc.dpdk.org/guides/prog_guide/thread_safety.html
3. https://avsystem.com/blog/iot/thread-safety-in-software-libraries
4. https://stackoverflow.com/questions/68459717/c-designing-thread-safe-library
5. https://github.com/borgbackup/borg/discussions/6958
6. https://stackoverflow.com/questions/24088295/can-sha1-sha-256-sha-512-be-broken-up-to-run-across-multiple-cores-threads
7. https://en.bitcoin.it/wiki/CryptoNight
8. https://www.elastic.co/security-labs/bit-bybit
9. https://www.scalingparrots.com/en/blockchain-hash-what-is-it/
10. https://www.reddit.com/r/golang/comments/13i1ody/can_i_concatenate_multiple_noncrypto_hash/
11. https://securitybriefing.net/blockchain/how-does-a-hash-help-secure-blockchain-technology/
12. https://arxiv.org/html/2407.08284v1
13. https://shardeum.org/blog/blockchain-hashing/
14. https://stackoverflow.com/questions/564319/achieving-thread-safety
15. https://github.com/weidai11/cryptopp
16. https://www.nadcab.com/blog/hash-in-blockchain-technology
17. https://www.reddit.com/r/java/comments/12zap31/ensuring_the_threadsafety_of_the_entire_codebase/
18. https://pmc.ncbi.nlm.nih.gov/articles/PMC11280832/
19. https://www.geeksforgeeks.org/ethical-hacking/blockchain-hash-function/
20. https://www.mono-project.com/archived/best_practices/

1. https://www.sciencedirect.com/science/article/pii/S1110016821006530
2. https://dl.acm.org/doi/full/10.1145/3596906
3. https://arxiv.org/pdf/2201.11377.pdf
4. https://avsystem.com/blog/iot/thread-safety-in-software-libraries
5. https://cryptodeeptech.ru/digital-signature-forgery-attack/
6. https://christian-rossow.de/publications/btcsteal-raid2018.pdf
7. https://www.cve.org/CVERecord/SearchResults?query=bitcoin
8. https://nvd.nist.gov/vuln/detail/cve-2024-38365
9. https://github.com/demining/Digital-Signature-Forgery-Attack
10. https://attacksafe.ru/private-keys-attacks/
11. https://bitcointalk.org/?topic=140078
12. https://www.robgjansen.com/publications/shadowbitcoin-cset2015.pdf
13. https://www.avivz.net/pubs/16/btc_hijack.pdf
14. https://www.darktrace.com/de/blog/detection-and-guidance-for-the-confluence-cve-2022-26134-zero-day
15. https://www.reddit.com/r/Bitcoin/comments/19dbl70/could_it_ever_be_hacked/
16. https://wesecureapp.com/blog/attacks-on-blockchain/
17. https://adnanthekhan.com/2024/01/10/cve-2023-49291-and-more-a-potential-actions-nightmare/
18. https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1093&context=msia_etds
19. https://cloud.google.com/security-command-center/docs/findings/threats/execution-cryptocurrency-mining-hash-match
20. https://www.sciencedirect.com/science/article/pii/S2352864822000864
21. https://cve.mitre.org/cgi-bin/cvekey.cgi
22. https://cloud.google.com/security-command-center/docs/findings/threats/execution-cryptocurrency-mining-combined-detection

1. https://b8c.ru/vulnkeyhunter/
2. https://www.incibe.es/en/incibe-cert/early-warning/vulnerabilities/cve-2023-39910
3. https://www.tenable.com/cve/CVE-2023-39910
4. https://github.com/libbitcoin/libbitcoin-explorer/wiki/cve-2023-39910
5. https://github.com/demining/CryptoDeepTools
6. https://github.com/demining/Milk-Sad-vulnerability-in-the-Libbitcoin-Explorer-3.x
7. https://milksad.info
8. https://b8c.ru/page/11/
9. https://dbugs.ptsecurity.com/vulnerability/PT-2023-5500
10. https://blog.inhq.net/posts/milk-sad-vuln1/
11. https://www.nobsbitcoin.com/milk-sad-vulnerability-disclosure/
12. https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
13. https://www.darktrace.com/blog/using-ai-to-detect-a-bitcoin-mining-campaign-leveraging-citrix-netscaler-vulnerabilities
14. https://www.merklescience.com/blog/hot-wallet-hacks-a-growing-threat-and-mitigation-strategies
15. https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html
16. https://heimdalsecurity.com/blog/free-encryption-software-tools/
17. https://monovm.com/blog/blockchain-security-tools/
18. https://www.solulab.com/blockchain-security-tools/
19. https://www.trendmicro.com/en_us/research/22/i/atlassian-confluence-vulnerability-cve-2022-26134-abused-for-cryptocurrency-mining-other-malware.html
20. https://www.youtube.com/watch?v=SfW7Ir3xtNo
21. https://www.ledger.com/academy/topics/crypto/how-to-find-and-recover-lost-bitcoin-wallets
22. https://arxiv.org/html/2508.01280v1
23. https://yellow.com/news/how-to-recover-lost-bitcoin-from-seed-phrase-to-private-keys-a-complete-guide
24. https://www.cvedetails.com/vendor/12094/Bitcoin.html
25. https://support.trustwallet.com/support/solutions/articles/67000734573-lost-recovery-phrase-or-private-key-how-to-protect-your-crypto
26. https://getoppos.com/five-tools-to-protect-your-cryptocurrency/
27. https://www.cve.org/CVERecord/SearchResults?query=bitcoin
28. https://www.kraken.com/ru/learn/can-you-recover-lost-crypto
29. https://zeyadazima.com/general/hacking_crypto_network/
30. https://bitkan.com/learn/how-to-recover-bitcoin-wallet-with-public-and-private-key-59293
31. https://conference.hitb.org/hitbsecconf2024auh/product/hacking-cryptography-attacks-tools-techniques-auh2024/
32. https://nvd.nist.gov/vuln/detail/CVE-2023-50428
33. https://bitcointalk.org/index.php?topic=5457504.0
34. https://github.com/nextcloud/encryption-recovery-tools
35. https://arxiv.org/html/2501.16681v1
36. https://github.com/RsaCtfTool/RsaCtfTool
37. https://arxiv.org/pdf/2210.02873.pdf
38. https://play.google.com/store/apps/details?id=io.github.keyhunter&hl=en_AU
39. https://www.ledger.com/ru/academy/topics/security/what-are-address-poisoning-attacks-in-crypto-and-how-to-avoid-them
40. https://keyhunters.ru/page/39/
41. https://moldstud.com/articles/p-top-10-encryption-tools-every-system-security-engineer-must-know-for-robust-cybersecurity
42. https://hashlock.com/blog/understanding-and-preventing-address-poisoning-scams-in-crypto
43. https://keyhunters.ru
44. https://cloud.google.com/security-command-center/docs/findings/threats/execution-cryptocurrency-mining-hash-match
45. https://cyberexperts.com/cryptography-tools/
46. https://www.usenix.org/system/files/usenixsecurity25-tsuchiya.pdf
47. https://thectoclub.com/tools/best-encryption-key-management-software/
48. https://www.cyberday.ai/library/encryption-key-recovery
49. https://www.globalsign.com/en/blog/8-best-practices-cryptographic-key-management
50. https://habr.com/ru/articles/771980/
51. https://www.reddit.com/r/Bitcoin/comments/15lu8ps/milk_sad_a_practical_explanation_of_how_weak/
52. https://nvd.nist.gov/vuln/detail/CVE-2023-39910
53. https://pikabu.ru/story/milk_sad_uyazvimost_v_biblioteke_libbitcoin_explorer_3x_kak_byila_osushchestvlena_krazha_na__900_000_u_polzovateley_bitkoin_koshelkov_btc_10799848
54. https://www.cve.org/CVERecord?id=CVE-2023-39910
55. https://vuldb.com/?id.236603
56. https://github.com/HomelessPhD/MilkSad_dummy
57. https://www.halborn.com/blog/post/how-hackers-can-exploit-weak-ecdsa-signatures
58. https://advisense.com/2025/03/13/cryptocurrency-and-blockchain-risks/
59. https://advocates.am/forum/index.php?p=%2Fdiscussion%2F82078%2Ftop-3-bitcoin-wallet-recovery-services-to-check-out-in-2025
60. https://github.com/demining/Lattice-Attack
61. https://i-ric.org/forum/the-best-cryptocurrency-recovery-service-in-2025vulnerability-saver/
62. https://kudelskisecurity.com/research/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears
63. https://www.arkoselabs.com/explained/guide-to-cryptocurrency-security/
64. https://moldstud.com/articles/p-essential-tools-libraries-for-bitcoin-cryptography-development-2025-guide
65. https://notsosecure.com/ecdsa-nonce-reuse-attack
66. https://www.micromindercs.com/blog/crypto-wallet-protection
67. https://cryptodeeptech.ru
68. https://www.sciencedirect.com/science/article/abs/pii/S0167739X17330030
69. https://stellarcyber.ai/beyond-the-basics-advanced-techniques-for-securing-your-crypto-wallet/
70. https://onekey.so/blog/ecosystem/best-btc-wallets-in-2025-comparing-top-software-hardware-solutions/
71. https://dl.acm.org/doi/10.1016/j.future.2019.08.034
72. https://www.apriorit.com/dev-blog/crypto-wallet-security-best-practices
73. https://github.com/topics/private-key
74. https://dl.acm.org/doi/full/10.1145/3596906