The key flaw behind the breach of 120,000 Bitcoin keys has been identified

  • The well-known “Milk Sad incident” reportedly originated in the Libbitcoin Explorer (bx) 3.x library.

  • OneKey clarified that its wallets are not compromised by the flaw.

OneKey, a company specialized in hardware wallets, recently published an advisory about the vulnerability behind the well-known “Milk Sad incident”, which allowed around 120,000 Bitcoin private keys to be decrypted. The firm explained the likely attack vector.

This event was a massive cryptocurrency heist that occurred in July 2023, in which attackers exploited the affected private keys.

According to OneKey’s statement, the bug originated in Libbitcoin Explorer (bx) 3.x, a library used to generate cryptographic keys. It produced random numbers with the 32-bit Mersenne Twister algorithm and used only the system time to generate the seeds.

When we talk about a “seed” in random number generation, we mean the initial value from which the algorithm produces its sequence of numbers; the output can be no less predictable than the seed that produced it.

In this case, the algorithm in question derived the seed from the system time, that is, the exact hour and minute at which the key was generated.

“Because the seed space was limited to 2³² values (about 4.3 billion possibilities), the numbers generated were predictable and vulnerable to brute force attacks,” states the company’s advisory. The attack could be carried out with a single computer in one day.
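To make the 32-bit seed-space problem concrete, the following is an added illustrative example, not OneKey’s or Libbitcoin’s code: a model key generator that seeds MT19937 from a 32-bit timestamp, the hardened alternative that draws from the operating system’s CSPRNG, and an audit check that tests whether a given piece of key material could have come from the weak generator within a time window. Function names and the byte-level derivation are assumptions, and Python seeds MT19937 differently from C++ std::mt19937, so this reproduces the structure of the flaw rather than bx output.

```python
import random
import secrets

SEED_BITS = 32  # the advisory's 2**32 seed space (about 4.3 billion values)


def weak_key_material(timestamp: int, nbytes: int = 32) -> bytes:
    """Model of the flawed design (hypothetical, not bx's exact derivation):
    MT19937 seeded with nothing more than a 32-bit timestamp.
    Two keys generated in the same second are identical."""
    seed = timestamp & ((1 << SEED_BITS) - 1)
    rng = random.Random(seed)  # Python's random uses MT19937 internally
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")


def strong_key_material(nbytes: int = 32) -> bytes:
    """Hardened form: key material comes straight from the OS CSPRNG,
    so the effective search space is the full 8 * nbytes bits."""
    return secrets.token_bytes(nbytes)


def find_time_seed(material: bytes, t_start: int, t_end: int):
    """Audit check: could this key material have been produced by the weak
    generator from any timestamp in [t_start, t_end]? Returns the matching
    timestamp, or None. Cost is linear in the window; the whole 2**32 space
    is the 'one computer, one day' figure quoted in the advisory."""
    for ts in range(t_start, t_end + 1):
        if weak_key_material(ts, len(material)) == material:
            return ts
    return None


def seed_space_ratio(nbytes: int = 32) -> int:
    """How many times larger the CSPRNG key space is than the 32-bit seed
    space for a key of nbytes bytes (2**(8*nbytes) / 2**32)."""
    return 1 << (8 * nbytes - SEED_BITS)


if __name__ == "__main__":
    # Constructed sample: a key "generated" at a known Unix timestamp.
    generated_at = 1_690_000_000
    weak = weak_key_material(generated_at)
    # An auditor who knows only the rough generation window recovers the seed.
    window = (generated_at - 3600, generated_at + 3600)
    print("weak seed recovered:", find_time_seed(weak, *window))   # -> 1690000000
    # CSPRNG output is not reproducible from any timestamp in the window.
    print("strong seed recovered:", find_time_seed(strong_key_material(), *window))  # -> None
    print("key space ratio (256-bit vs 32-bit seed): 2**%d" % (8 * 32 - SEED_BITS))
```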

They also indicated that the issue specifically affects the Trust Wallet browser extension in versions v0.0.172 to v0.0.183; Trust Wallet Core in versions earlier than v3.1.1 (v3.1.1 itself is not affected); and any wallet, whether hardware or software, that has integrated Libbitcoin Explorer (bx) 3.x or a Trust Wallet Core version earlier than v3.1.1.

However, the company clarified that the flaw does not compromise the security of the private keys or mnemonics (the recovery phrases) of its wallets.

“All OneKey next-generation hardware wallets use a Secure Element (SE) with a built-in Truly Random Number Generator (TRNG) for key generation. This process is completely hardware-based…”

Likewise, OneKey clarifies that its desktop app and browser extension use the Chromium-based WASM interface (a technology that allows sandboxed code to run in modern browsers), which draws its entropy from the operating system’s Cryptographically Secure Pseudorandom Number Generator (CSPRNG).

“Entropy” is the source of unpredictable randomness that the operating system collects from real events such as mouse movement, keystrokes, or hardware thermal noise; the CSPRNG uses this entropy to produce secure random numbers.

For their part, they state that the mobile version directly uses the certified iOS and Android APIs, which they describe as cryptographically secure and certified.

Despite this, the company warns that the quality of random number generation depends on the integrity of the operating system and the device’s hardware.

As a precaution, OneKey recommends using hardware wallets for long-term asset management and avoiding importing mnemonics generated in software environments, as they could inherit a lower level of randomness, which decreases the security of the keys.

The company states that all its platforms have been evaluated with recognized methodologies such as NIST SP 800-22 (a set of statistical tests to validate the randomness of numbers) and FIPS 140-2 (a federal cryptographic security standard that certifies the robustness of random number generation modules), and that they comply with cryptographic randomness standards.

Because of vulnerabilities such as the one described in this article, many specialists suggest diversifying funds and not concentrating all assets in a single location. Those who wish to learn more about how bitcoin wallets work and how to protect their keys can consult the CriptoNoticias Cryptopedia, designed for both beginners and advanced users.