Bitcoin wallet vulnerability exposes thousands of private keys
Experts advise storing coins in hardware wallets and avoiding importing mnemonics from software wallets to reduce risk.
A flaw in the widely used Libbitcoin Explorer (bx) 3.x series has exposed over 120,000 Bitcoin private keys, according to crypto wallet provider OneKey. The flaw arose from a weak random number generator that used system time, making wallet keys predictable.
Attackers aware of wallet creation times could reconstruct private keys and access funds.
Several wallets were affected, including versions of Trust Wallet Extension and Trust Wallet Core prior to patched releases. Researchers said the Mersenne Twister-32’s limited seed space let hackers automate attacks and recreate private keys, possibly causing past fund losses like the ‘Milk Sad’ cases.
OneKey confirmed its own wallets remain secure, using cryptographically strong random number generation and hardware Secure Elements certified to global security standards.
OneKey also examined its software wallets, ensuring that desktop, browser, Android, and iOS versions rely on secure system-level entropy sources. The firm urged long-term crypto holders to use hardware wallets and avoid importing software-generated mnemonics to reduce risk.
The company emphasised that wallet security depends on the integrity of the device and operating environment.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
