Research Updates

News on several Lost ‘n’ Found boxes full of private keys 🔑🔥

Update #10 - Cake Wallet Vulnerability Impact

This is the second analysis article on the Cake Wallet flaw from 2020/2021 that produced insecure Bitcoin wallets. In this iteration, we give an overview of usage statistics and affected funds and present a number of graphs to visualize the overall usage.

Update #9 - Cake Wallet Technical Writeup

In this post, we’re disclosing new technical information on the Cake Wallet flaw from 2020/2021 that led to the generation and use of very insecure Bitcoin wallets.

Update #8 - Custom Rust Library Optimizations

This is a developer-focused research update on code optimizations for secp256k1 libraries.

Update #7 - Billion Dollar Wallet Range, Now Empty

In research update #2, we looked at the weak wallet generation algorithm used by vulnerable Trust Wallet (CVE-2023-31290) versions and other, as yet unknown, wallet software. In the corresponding 128-bit private key range discussed in that research update, we had tracked down ~1000 Bitcoins worth of historical transaction volume, representing millions of dollars in cryptocurrency that had been relying on vulnerable private keys.
Astonishingly, this was just the tip of the iceberg. The 256-bit key range of the same weak generation mechanism formerly held tens of thousands of Bitcoins on extremely weak keys 🤯

Update #6 - Cake Wallet Vulnerability PSA

This post is a Public Service Announcement: Several vulnerable versions of the cryptocurrency wallet software Cake Wallet released in 2020-2021 created extremely weak Bitcoin wallets.
If you’re a Cake Wallet user or know someone who is, we urgently recommend checking if you
-> still use a vulnerable old wallet software version
-> still use an old and weak Bitcoin mnemonic seed generated with a vulnerable version
Affected wallets are at risk of immediate and complete loss of all Bitcoin funds.

Update #5 - Digging Into New Trust Wallet Research

Last Friday, we learned of a newly disclosed vulnerability in the Trust Wallet software which is relevant to Milk Sad. Researchers from SECBIT Labs tracked down an older wallet generation weakness in the iOS platform version of Trust Wallet from 2018 and connected it to the large thefts on 2023-07-12 that triggered our Milk Sad research.
Using the newly available information, we managed to reproduce some of their findings, and can give a first look at additional data we collected.

Update #4 - Affected Software: bip3x Library

We take a deep dive into the bip3x library’s use of pseudo random number generators (PRNG) and related problems.

Update #3 - Bloom Filter, Dataset, Canaries

This research update has some information on the Bloom filter mechanism and the public blockchain address data we used to find weak Bitcoin wallets. Using this technique, we were able to check several billion potential wallets for actual usage on the blockchain without running a Bitcoin full node or flooding other Bitcoin servers and APIs with excessive network requests.

Update #2 - Trust Wallet Ranges, Uncompressed Pubkeys

While researching the weak entropy generated by bx using the Mersenne Twister algorithm, we learned fairly quickly that the generation algorithm is only a minor code change away from re-creating the weak wallets of the Trust Wallet software. Naturally, we spent some time in the last months seeing which weak wallets we could summon from the cryptographic realms 🔮🪄. There is a lot to tell about the new discoveries that resulted from this, so we’ll start by presenting some initial statistics and descriptions of the over 2700 weak wallet private keys in these new areas.

Update #1 - New bx Data, ETH, Service Changes

Three months have passed since we discovered the explanation for the observed thefts and made our intense sprint towards the initial publication of the Milk Sad vulnerability in the libbitcoin-explorer bx wallet software. By publishing quickly, we fulfilled our primary goal of telling the world about the issue - providing an explanation for affected victims, and hopefully sparing some future users from the same fate. The disclosure also raised the public profile of the weak Pseudorandom Number Generator (PRNG) vulnerability class and underlined the catastrophic impact it can have in the cryptocurrency world. After the dust settled and things got back to normal, most of our team members have turned their focus back to their day jobs and other projects. Curiosity is a powerful motivation, though, and so a few members of the group keep digging into more details of the fallout from weak bx keys, similar vulnerabilities involving weak private keys, and related security research that interests us.
Going forward, we will use individual blog posts to share new details, discoveries, and other topics we see as notable.