A severe vulnerability in the random number generation method of the widely used open-source Bitcoin library Libbitcoin Explorer has led to the exposure of more than 120,000 Bitcoin private keys, putting many digital assets at risk. The flaw, rooted in a predictable pseudo-random number generator, impacted multiple wallet platforms and may explain several historical, unexplained fund losses.
The issue was publicly analyzed by crypto wallet provider OneKey, which confirmed that the vulnerability did not affect its own systems. The company also conducted a detailed assessment of how widespread the problem may be across the ecosystem.
A Flawed Random Number Generator
At the heart of the breach was the Libbitcoin Explorer (bx) 3.x series. This tool, popular among developers for generating wallet seeds and keys, relies on the Mersenne Twister-32 algorithm for random number generation, a method that is not cryptographically secure.
Crucially, the Mersenne Twister-32 implementation was seeded only with system time. As a result, the seed space was limited to just 2³² possible values. This made it feasible for attackers to brute-force potential seeds by estimating when a wallet was created. Once the seed was reconstructed, it became possible to reproduce the same pseudo-random number sequence and derive the corresponding private keys.
According to OneKey’s published report on the incident, a high-performance personal computer could enumerate all 2³² possible seeds in a matter of days, making large-scale theft not only plausible but likely already in progress by the time the vulnerability came to light.
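The following added example (not code from Libbitcoin, OneKey or the original article) illustrates why seeding a Mersenne Twister with a 32-bit time value is fatal for key generation: every byte of the derived key is fixed once the timestamp is known, so the number of keys a wallet could possibly hold is bounded by the number of seconds in its creation window, not by 2²⁵⁶. Python's `random.Random` is MT19937 but seeds differently from the C++ `std::mt19937` that bx 3.x used, so this mirrors the weakness rather than reproducing bx output; the timestamps are constructed sample values.

```python
import math
import random
import secrets

KEY_BYTES = 32  # a raw Bitcoin private key is 256 bits


def weak_key_from_time(creation_time: int) -> bytes:
    """Flawed pattern: an MT19937 generator seeded only with a 32-bit time value.

    The output is a deterministic function of the seed, so a 32-byte key drawn
    this way carries at most 32 bits of entropy. (Illustration only: Python's
    seeding routine differs from the C++ std::mt19937 used by bx 3.x.)
    """
    rng = random.Random(creation_time & 0xFFFFFFFF)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_key() -> bytes:
    """Correct pattern: key material comes from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def distinct_weak_keys(start_time: int, window_seconds: int) -> int:
    """Count the different keys the flawed generator can produce for wallets
    created anywhere inside a window of `window_seconds` seconds.

    For the weak generator this can never exceed `window_seconds`; for a
    CSPRNG it would be bounded only by 2**256.
    """
    keys = {weak_key_from_time(t) for t in range(start_time, start_time + window_seconds)}
    return len(keys)


def weak_key_entropy_bits(window_seconds: int) -> float:
    """Upper bound on the entropy of a weak key once its creation time is
    narrowed to a window; the full unknown-time case is the 32-bit bound."""
    return min(math.log2(window_seconds), 32.0)


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed sample creation timestamp
    print("same timestamp, same key:", weak_key_from_time(t0) == weak_key_from_time(t0))
    print("keys possible in a 1-hour window:", distinct_weak_keys(t0, 3600))
    print("entropy bound for that window (bits):", weak_key_entropy_bits(3600))
    print("CSPRNG keys differ each call:", strong_key() != strong_key())
```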
Affected Wallets and Software Versions
The security risk is not confined to a single platform. Several software implementations that used Libbitcoin Explorer 3.x or components built on it were vulnerable. These include:
- Trust Wallet Extension versions 0.0.172 to 0.0.183
- Trust Wallet Core versions up to (but not including) 3.1.1
Any wallet, hardware or software, that integrated Libbitcoin Explorer or older versions of Trust Wallet Core could be affected. OneKey’s investigation also links this vulnerability to previous incidents such as the “Milk Sad” case, where users saw their wallets emptied despite relying on seemingly secure, air-gapped setups.
OneKey Confirms Its Wallets Are Secure
OneKey confirmed that its wallet products, both hardware and software, are not impacted by the flaw. The company uses certified True Random Number Generators (TRNGs), ensuring entropy sources are both unpredictable and secure.
All current OneKey hardware wallets are equipped with a Secure Element (SE) chip that includes a built-in TRNG. This system is entirely hardware-based and does not rely on system time or software-based entropy. According to OneKey, its SE chip has received EAL6+ certification, aligning with international cryptographic standards.
Even legacy OneKey hardware wallets meet stringent security benchmarks. They use internal TRNGs that comply with NIST SP 800-22 and FIPS 140-2 guidelines, two well-established standards for randomness quality and cryptographic strength.
Software Wallets
OneKey’s desktop and browser extension wallets use a Chromium-based WebAssembly PRNG interface, which taps into the host operating system’s Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). These CSPRNGs meet current cryptographic standards and are considered secure.
On mobile platforms, the OneKey wallet directly utilizes the system-level CSPRNG APIs provided by Android and iOS, ensuring the entropy is derived from secure, certified sources.
However, the company notes that the overall randomness quality in software wallets is still dependent on the security of the user’s device and operating system. “If the operating system, browser kernel, or device hardware is compromised, the entropy source could be weakened,” the team stated.
As a precaution, OneKey advises users to favor hardware wallets for long-term storage of digital assets. They strongly discourage importing mnemonic phrases generated in software environments into hardware wallets, as this practice could carry over compromised entropy.
The OneKey security team has performed rigorous evaluations of entropy across its products using NIST and FIPS methodologies, with all results meeting cryptographic randomness standards. The company has made detailed test reports and certifications available via its Help Center.