Market News

OneKey Identifies Flaw Threatening 120K Bitcoin Private Keys

OneKey uncovers a flaw in a popular crypto library that could expose 120,000 Bitcoin keys, showing why strong randomness is vital for wallet security.

Written By:
Kenrodgers Fabian

Reviewed By:
Gopal Solanky
OneKey Identifies Flaw Threatening 120K Bitcoin Private Keys

Cryptocurrency self-custody wallet OneKey has revealed a vulnerability that could impact up to 120,000 Bitcoin private keys. The flaw stems from the Libbitcoin Explorer (bx) 3.x library, which several wallets used to generate private keys. The issue, discovered after the Milk Sad incident, exposes wallets to brute-force attacks because the library relied on a weak random-number algorithm. 

According to the OneKey report, the problem originated from bx’s use of the Mersenne Twister-32 algorithm. It generated random numbers using only the system time as a seed, which limited randomness to 2³² possible values. Consequently, attackers could predict wallet keys by testing all possible seeds within days. 

“The vulnerability disclosed in the Milk Sad incident does not affect the mnemonic or private key security of any OneKey hardware or software wallet,” the company confirmed on X. 

OneKey’s security evaluation

OneKey conducted a comprehensive test across macOS, Windows, Android, and iOS to assess the quality of its mnemonic generation. The findings confirmed that all platforms use cryptographically secure random number generators following NIST SP 800-22 and FIPS 140-2 standards. Moreover, OneKey’s browser version uses a built-in Chrome security tool to create random numbers, while its Android and iOS apps use secure systems built into each phone’s operating system.

Besides, every OneKey hardware wallet has its own chip that makes random numbers inside the device, following strict security rules to lower tampering risks. Older models also use built-in systems that meet global security checks. However, OneKey advised users not to move recovery phrases made on software wallets into hardware ones, since weaker randomness could make private keys easier to guess.

At the same time, experts from Cisco Talos and Google found that a North Korean hacking group called Famous Chollima is hiding malware inside blockchain smart contracts. The group uses a new trick called “EtherHiding” to sneak in harmful code, mainly targeting job seekers through fake interviews to steal their crypto and personal information.

The discovery shows how crucial real randomness is when creating wallet keys. Hardware wallets that generate their own keys make it harder for hackers to guess them.

Also Read: Binance Investigated by French Authorities for Money Laundering

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Fabian is Crypto Journalist at The Crypto Times
By Kenrodgers Fabian
Follow:
Kenrodgers Fabian is a Content Writer with over 3 years of experience in crypto news, data analysis, and IT. With a degree in Health Records and Information Technology, he brings a structured and analytical approach to digital reporting. Kenrodgers focuses on delivering accurate, informative content that helps readers stay updated on the latest trends in crypto and emerging technologies.
Gopal Solanky, Senior Reporter for Markets and Protocols at The Crypto Times
By Gopal Solanky Sr. Crypto Journalist
Follow:
Gopal Solanky is a Senior Reporter, Markets & Protocols at The Crypto Times, based in Ahmedabad. He covers institutional crypto adoption, Bitcoin treasury strategies, DeFi markets, protocol ecosystems, Ethereum network activity, Hyperliquid, on-chain trends, and broader digital asset market movements. Gopal has been active in the crypto ecosystem for more than six years. Before joining The Crypto Times full-time in 2023, he worked as a freelance crypto content writer, developing a strong understanding of blockchain infrastructure, DeFi protocols, market cycles, token mechanics, and peer-to-peer systems. His reporting focuses on explaining how protocols work, why market movements happen, and how institutional and on-chain activity affects crypto investors and builders. At The Crypto Times, Gopal regularly writes market analysis, protocol explainers, breaking news, and technical breakdowns across Bitcoin, Ethereum, DeFi, altcoins, treasury companies, and Web3 infrastructure. He also hosts on-the-record interviews with regional Web3 founders, protocol teams, and ecosystem leaders. His work has been cited by external publications, including Vulture.com, in coverage of major crypto stories such as the Hawk Tuah memecoin controversy. His reporting has also contributed to The Crypto Times’ coverage of major industry events, including FTX-related developments, institutional crypto adoption, and emerging protocol narratives. Gopal holds a Bachelor’s degree in Computer Applications, giving him a technical foundation for analyzing blockchain systems, crypto infrastructure, and market data.

Latest News

Coinbase CEO Armstrong and Elon Musk See Space Habitats As Crypto’s Next SEZs
Coinbase CEO Armstrong and Elon Musk See Space Habitats As Crypto’s Next SEZs
Algorand Unveils 2027 Post-Quantum Defense Plan
Algorand Unveils 2027 Post-Quantum Defense Plan
Fidelity Joins Wall Street's Race to Manage Stablecoin Reserves Under the GENIUS Act
Fidelity Joins Wall Street’s Race to Manage Stablecoin Reserves Under the GENIUS Act
SEC and CFTC Launch Historic Joint Review of Crypto Derivatives Rules
SEC and CFTC Launch Historic Joint Review of Crypto Derivatives Rules
Morgan Stanley Files for Spot Ethereum ETF With Staking
Morgan Stanley Files for Spot Ethereum ETF With Staking

Find Us on Socials

You may also like