
Over 120,000 Bitcoin Wallets Vulnerable to Hacking Due to Libbitcoin Explorer Flaw

3 weeks ago

Security Flaw in Libbitcoin Explorer

A significant security flaw has been identified in the Libbitcoin Explorer (bx) 3.x library, leaving more than 120,000 Bitcoin (BTC) wallets worldwide exposed to potential hacks. The vulnerability stems from weak random number generation, which undermines users' ability to safeguard their cryptocurrency assets. Security experts have outlined several precautionary measures for users aiming to secure their funds.

Details of the Vulnerability

Discovered in November 2023, this vulnerability continues to leave many non-custodial BTC wallets susceptible to brute force attacks. The OneKey wallet team brought attention to the issue on October 17, 2025, providing insight into the threat’s mechanisms. Fortunately, the flaw highlighted during the Milk Sad incident does not compromise the mnemonic or private key integrity of OneKey’s hardware or software wallets.

Technical Explanation

At the heart of the problem is the Libbitcoin Explorer (bx) 3.x toolkit, designed for developing Bitcoin wallets in C++. It generates random numbers with the Mersenne Twister-32, seeded only with the system time, which restricts the total possibilities to just 2³² values. A seed space that small makes brute-force attacks practical: an attacker can predict and derive the private keys for wallets generated through affected versions of Trust Wallet or directly via Libbitcoin Explorer (bx) 3.x.

Risk Assessment

The scale of the risk is substantial. With a robust personal computer, attackers could feasibly iterate through all potential seeds in a matter of days, recovering private keys created at any time during the wallet’s lifetime and, consequently, gaining access to the user’s cryptocurrency holdings. Although the weakness has been known for the past two years, it still poses a genuine threat to Bitcoin wallet users.

Recommended Actions for Users

In light of this vulnerability, individuals with non-custodial Bitcoin addresses established between 2017 and 2023 using the compromised tools are urged to:

  • Transfer their assets to safer storage solutions that use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG).
  • Generate new seed phrases in line with BIP 39 recommendations to bolster wallet security further.
  • Review their paper or hardware wallets for vulnerabilities linked to the so-called Milk Sad Case.
  • Ensure they consistently operate with the latest updates for both their applications and operating systems to mitigate risks.
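
The contrast between the weak seeding pattern described under Technical Explanation and the CSPRNG plus BIP 39 approach recommended above, as an added example that is not code from Libbitcoin, Trust Wallet or OneKey. The function names are hypothetical, and Python's `random.Random` (also a Mersenne Twister) stands in for the C++ generator, so its byte output is a model and will not match bx output.

```python
import hashlib
import random
import secrets

def weak_entropy(seed32: int, nbytes: int = 32) -> bytes:
    """Model of the flawed pattern: a Mersenne Twister seeded with one
    32-bit value. The output looks like 256 random bits, but it is fully
    determined by the seed, so it carries at most 32 bits of entropy."""
    rng = random.Random(seed32 & 0xFFFFFFFF)  # assumption: stand-in for MT-32
    return bytes(rng.getrandbits(8) for _ in range(nbytes))

def strong_entropy(nbytes: int = 32) -> bytes:
    """Hardened form: bytes from the operating system CSPRNG."""
    return secrets.token_bytes(nbytes)

def bip39_indices(entropy: bytes) -> list[int]:
    """BIP 39 encoding step: append the SHA-256 checksum bits to the
    entropy and split the result into 11-bit word indices (0..2047).
    Mapping indices to words needs the 2048-word list, omitted here."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP 39 entropy must be 128-256 bits, multiple of 32")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                      # 4..8 checksum bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(value >> (total - 11 * (i + 1))) & 0x7FF
            for i in range(total // 11)]

if __name__ == "__main__":
    # Constructed sample seed: the same seed always yields the same "secret".
    print(weak_entropy(1_500_000_000) == weak_entropy(1_500_000_000))
    # A fresh 24-word index sequence from the CSPRNG.
    print(bip39_indices(strong_entropy(32)))
```

The BIP 39 checksum only detects transcription errors. It says nothing about how the entropy was produced, so a phrase built from `weak_entropy` would still encode as a valid mnemonic.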
