A major software vulnerability has flown under the radar of most Bitcoin users.The Bitmessage tool apparently contains a major remotely executable zero-day exploit. This error is found in the PyBitmessage application and has been successfully been taken advantage of by some criminals. Anyone successfully abusing this loophole could be able to steal Bitcoin wallet private keys.
It is never good to see a popular application suffer from major exploits. This situation only grows worse once the application is popular among cryptocurrency enthusiasts.BitMessage, a peer-to-peer communication protocol offering encrypted messages, is the tool which can be exploited. The developers warned the public about this flaw quite some time ago. Anyone using PyBitmessage version 0.6.2 is at risk of suffering from Bitcoin private key theft.
BitMessage Flaw Should not be Overlooked
More specifically, this exploit affects PyBitmessage across all major operating systems. It is the official client for this P2P encrypted messaging system, which means lots of users are potentially at risk. This “message encoding flaws” has already claimed a few victims in recent weeks. It seems an automated script is being used to look for Electrum wallet folders. Even so, the assailants can simply scan all computer files and sniff out wallet.dat files, for example.
The Bitmesssage developers describe this security flaw as follows:
“The exploit is triggered by a malicious message if you are the recipient (including joined chans). The attacker ran an automated script but also opened, or tried to open, a remote reverse shell. The automated script looked in ~/.electrum/wallets [Electrum wallets], but when using the reverse shell, he had access to other files as well.”
For now, the new client fixes this vulnerability. It is advised all BitMessage users install the latest PyBitmessage client as soon as possible. Users of a client version prior to 0.6.1 are also safe from harm, for the time being. For now, it remains unclear how many users have lost funds because of this flaw. It’s always advised to be cautious first and foremost.
Header image courtesy of Shutterstock