News on several Lost ‘n’ Found boxes full of private keys 🔑🔥
This post is a Public Service Announcement:
Several vulnerable versions of the cryptocurrency wallet software Cake Wallet released in 2020-2021 created extremely weak Bitcoin wallets.
If you’re a Cake Wallet user or know someone who is, we urgently recommend checking if you
-> still use a vulnerable old wallet software version
-> still use an old and weak Bitcoin mnemonic seed generated with a vulnerable version
Affected wallets are at risk of immediate and complete loss of all Bitcoin funds.
Last Friday, we learned of a newly disclosed vulnerability in the Trust Wallet software which is relevant to Milk Sad. Researchers from SECBIT Labs tracked down an older wallet generation weakness in the iOS platform version of Trust Wallet from 2018 and connected it to the large thefts on 2023-07-12 that triggered our Milk Sad research.
Using the newly available information, we managed to reproduce some of their findings, and can give a first look at additional data we collected.
We take a deep dive into the bip3x library’s use of pseudorandom number generators (PRNGs) and related problems.
This research update has some information on the Bloom filter mechanism and public blockchain address data we used to find weak Bitcoin wallets. Using this technique, we were able to check several billion potential wallets for actual usage on the blockchain without running a Bitcoin full node or flooding other Bitcoin servers and APIs with excessive network requests.
While researching the weak entropy generated by bx using the Mersenne Twister algorithm, we learned fairly quickly that the generation algorithm is only a minor code change away from re-creating the weak wallets of the Trust Wallet software. Naturally, we spent some time over the last months seeing which weak wallets we could summon from the cryptographic realms 🔮🪄.
There is a lot to tell about new discoveries that resulted from this, so we’ll start by presenting some initial statistics and descriptions about the over 2700 weak wallet private keys in these new areas.
Three months have passed since discovering the explanation for the observed thefts and our intense sprint towards the initial publication of the Milk Sad vulnerability in the blockchain-explorer bx wallet software. By quickly publishing, we fulfilled our primary goal of telling the world about the issue - providing an explanation for affected victims, and hopefully sparing some future users from the same fate. The disclosure also raised the public profile of the weak Pseudorandom Number Generator (PRNG) vulnerability class and underlined the catastrophic impact it can have in the cryptocurrency world.
After the dust settled and things got back to normal, most of our team members have now turned their focus back to their day jobs and other projects.
Curiosity is a powerful motivation, though, and so a few members of the group keep digging into more details of the fallout of weak bx keys, similar vulnerabilities involving weak private keys, and related security research that interests us.
Going forward, we will make use of individual blogposts to share new details, discoveries, and other topics we see as notable.