Over 120,000 Bitcoin private keys were exposed through a flaw in Libbitcoin Explorer’s random-number generator

A newly uncovered vulnerability in a widely used open-source Bitcoin library has led to the exposure of more than 120,000 private keys, according to a report by crypto wallet provider ￰0￱ flaw was traced back to the Libbitcoin Explorer (bx) 3. x series, which allowed attackers to predict wallet private keys generated through insecure random number ￰1￱ to OneKey’s insight published on X late Friday, Libbitcoin Explorer (bx) 3. x is a command-line utility long used to create Bitcoin wallets ￰2￱ software uses the Mersenne Twister-32 pseudo-random number generator (PRNG), which seeds randomness using only the system ￰3￱ seed space was limited to 2³² possible values, which helped hackers easily predict the random numbers and brute-force wallet private ￰4￱ aware of when a wallet was generated could reconstruct the same sequence of random numbers and, in turn, derive the private key to access an address’s ￰5￱ analysis on the extent of affected wallets According to the crypto wallet service provider, the issue has been confirmed to affect several wallet implementations that integrated Libbitcoin Explorer or its dependent components, including Trust Wallet Extension versions 0.0.172 through 0.0.183, and Trust Wallet Core versions up to 3.1.1, bar the patched 3.1.1 release.

OneKey, citing an analysis by security researchers, discovered that the security flaw arose from the PRNG’s dependence on predictable ￰6￱ could reproduce identical private keys for wallets generated at specific ￰7￱ small seed space and predictable nature of the Mersenne Twister-32 algorithm made it feasible for malicious actors to automate the process and compromise several ￰8￱ explained that the flaw may have contributed to previous mysterious fund losses in incidents like the “Milk Sad” case, where victims reported seeing their wallets drained, despite using air-gapped systems for ￰9￱ ‘Milk Sad’ connection did not affect OneKey wallets The Milk Sad investigation, which began earlier this year, revealed that victims had generated their wallets on air-gapped Linux laptops using commands in Libbitcoin ￰10￱ each case, users relied on bx to produce their 24-word BIP39 mnemonic phrases in the belief that the tool made the randomness ￰11￱ command sequence used during wallet generation was bx seed -b 256 | bx ￰12￱ generated 256 bits of entropy, which were then converted into a 24-word mnemonic ￰13￱ to the flawed random number generator, the supposedly secure mnemonics were in fact ￰14￱ the Milk Sad victims created their wallets years apart, investigators found each used the same version of Libbitcoin Explorer, which unknowingly generated weak private ￰15￱ its report, OneKey stated that the vulnerability in Libbitcoin Explorer does not compromise the security of mnemonic or private keys in its ￰16￱ company’s investigation confirmed that its devices and software use a cryptographically secure RNG that meets international security standards.

“All new-generation hardware wallets have Secure Elements (SE) with built-in True Random Number Generators (TRNGs) for key ￰17￱ components are hardware-based and hold EAL6+ certification, levels of security that are recognized globally,” the hardware and cold wallet company ￰18￱ wallet vulnerability assessment OneKey also conducted an assessment of its software products, noting that the Desktop and Browser Extension versions utilize a Chromium-based WebAssembly (WASM) PRNG ￰19￱ interface operating system uses a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) as the entropy source, which is the same standard used in modern browsers and secure software ￰20￱ said its Android and iOS wallets have system-level CSPRNG APIs built into the operating systems ￰21￱ wallet service’s security team reiterated that the randomness quality in wallet generation directly depends on the integrity of the device and software environment.

“If the operating system, browser kernel, or device hardware is compromised, the entropy source could be weakened,” it ￰22￱ firm has advised users to choose hardware wallets if they plan to store coins for the long term, to minimize the risk of ￰23￱ also warned them not to import mnemonic phrases generated by software wallets into hardware ￰24￱ you're reading this, you’re already ￰25￱ there with our newsletter .