Security Vulnerability in Wallets: 120,000 Bitcoin Keys at Risk

Recently, an important security vulnerability has caught the attention of cryptocurrency investors, revealing that 120,000 Bitcoin private keys are at risk. According to a warning from OneKey, the weak random number generation in versions 3.x of the Libbitcoin Explorer (bx) poses a serious threat that could make private keys predictable.

Libbitcoin Explorer (bx) 3.x generates private keys solely based on a 2³² size system time seed using the Mersenne Twister-32 algorithm. This situation reveals that attackers could potentially reproduce this random number sequence by making a prediction about the key generation time, thereby deriving private keys. This vulnerability is particularly applicable to software such as Trust Wallet Extension v0.0.172–v0.0.183 and Trust Wallet Core ≤ v3.1.1 (excluding v3.1.1).

OneKey emphasizes that the Mersenne Twister-32 algorithm was not designed for cryptographic purposes and that its outputs are predictable. It notes that a 2³² seed value can be scanned in days with high-performance hardware. Such a brute-force attack could enable the discovery of keys generated within a specific time frame.

In this context, OneKey has stated that their hardware wallets utilize Secure Element (SE) and True Random Number Generator (TRNG), and therefore are not affected. They highlight that the SE is EAL6+ certified and that the randomness tests performed for software platforms comply with NIST SP800-22 and FIPS-140-2 standards. Software wallets, on the other hand, rely on CSPRNG calls dependent on the operating system, but it is noted that entropic weakness could arise in the event of an attack from the operating system or browser.

This security vulnerability underscores the need for cryptocurrency investors to remain vigilant. Investors are advised to avoid using affected wallets and to prefer secure hardware wallets, which will minimize existing risks. It should not be forgotten that security in the cryptocurrency world is vital for the sustainability of investments.