1925 matches found
CVE-2018-1000851
Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability...
CVE-2021-31876
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction wi...
$15 Billion Pig Butchering Scam Boss Chen Zhi Extradited to China
Billionaire Chen Zhi and associates Xu Ji Liang and Shao Ji Hui have been extradited to China. This exclusive report details the collapse of the Prince Group's global scam network, the seizure of $15 billion in Bitcoin, and the forced labour camps behind the billion-dollar pig butchering fraud...
CVE-2017-12842
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an...
CVE-2020-12119
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...
CVE-2024-34149
In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check for example, because they agree with the objective but disagree with the technical mechanism, ...
Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages
Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords...
CVE-2013-7372
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNGSecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture JCA in Android before 4.4 and...
CVE-2019-16761
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions 1.0....
CVE-2019-16762
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to...
Bitfinex Hack Mastermind Behind $10 Billion Theft Gets Early Release
Ilya Lichtenstein, the man behind the massive 2016 Bitfinex Bitcoin theft, has been released early from prison. Read how the First Step Act and a trail of Walmart gift cards led to this major update in one of the world's largest crypto thefts...
Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act
Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S...
2 US Cybersecurity Experts Guilty of Extortion Scheme for ALPHV Ransomware
Can you trust your cybersecurity team? A recent federal case reveals how two US-based cybersecurity experts turned into affiliates for the BlackCat ransomware group, extorting over $1.2M in Bitcoin. Read the full story on their 2023 crime spree...
atomkraft (>=0.0.1 <=0.1.2), bitcoin-utils (>=0.6.1 <=0.7.1) +14 more potentially affected by CVE-2025-69277 via hdwallet (>=0.2.0 <=3.4.0)
hdwallet PYPI version =0.2.0, =0.0.1, =0.6.1, =1.3.6, =0.1.5, =0.1.4, =0.1.6, =0.1.0, =0.1.0, =0.0.2, =0.2.3, =0.1.0, =5.1.0, =0.3.0, =0.5.0a1 and more Source cves: CVE-2025-69277 Source advisory: OSV:GHSA-MRFV-M5WM-5W6W...
GO-2025-4214 Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond in github.com/babylonlabs-io/babylon
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond in github.com/babylonlabs-io/babylon...
EUVD-2025-201932
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond...
Incomplete Cleanup
Overview Affected versions of this package are vulnerable to Incomplete Cleanup in the x/costaking process. An attacker can continue to accrue rewards without maintaining any actual BTC stake by exploiting a state inconsistency that occurs when a Finality Provider becomes inactive at the same blo...
GHSA-4RMQ-MC2C-R495 Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Summary A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis Phatom Stake even after they have fully unbonded their BTC delegation, if their Finality Provider FP drops out of the active set in the exact same babylon block height. This creates a “phantom...
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Summary A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis Phatom Stake even after they have fully unbonded their BTC delegation, if their Finality Provider FP drops out of the active set in the exact same babylon block height. This creates a “phantom...
The Treasury Proof Ledger: A Cryptographic Framework for Accountable Bitcoin Treasuries
Public companies and institutional investors that hold Bitcoin face increasing pressure to show solvency, manage risk, and satisfy regulatory expectations without exposing internal wallet structures or trading strategies. This paper introduces the Treasury Proof Ledger TPL, a Bitcoin-anchored...