Einherjar on Nostr: Always verify the randomness of your wallet mnemonic generator. In a recent situation ...
Always verify the randomness of your wallet mnemonic generator.
In a recent situation, a bunch of wallets were generated using bx, which, under the hood, uses an unsafe Mersenne Twister pseudorandom number generator (PRNG) initialized with 32 bits of system time.
With a gamer computer and some hints on wallet creation time you can brute force the wallet creation time to deterministically generate the wallet mnemonic and <poof> money is gone....
More information here:
https://milksad.info/
Mitigation strategies: use dice to generate your seed offline, and NOT those "airgap" Linux computers...
Published at
2023-08-10 13:22:07
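
An added example, not part of the original post and not bx's code: it models the seeding flaw described above with Python's `random.Random` (also a Mersenne Twister) and contrasts it with the dice mitigation. The function names, the chi-square threshold and the choice of SHA-256 to condense the rolls are assumptions made for this sketch.

```python
import hashlib
import math
import random
from collections import Counter

def weak_entropy(unix_time: int, nbytes: int = 32) -> bytes:
    """Model of the flaw: Mersenne Twister seeded with 32 bits of clock time."""
    rng = random.Random(unix_time & 0xFFFFFFFF)  # only 2**32 possible states
    return bytes(rng.getrandbits(8) for _ in range(nbytes))

def effective_bits(nbytes: int, seed_bits: int = 32) -> int:
    """Asking for more output never adds entropy beyond what the seed carried."""
    return min(seed_bits, 8 * nbytes)

def entropy_from_dice(rolls: str, target_bits: int = 256) -> bytes:
    """Derive up to 256 bits from physical d6 rolls typed as digits 1-6."""
    if not 0 < target_bits <= 256 or target_bits % 8:
        raise ValueError("target_bits must be a multiple of 8, at most 256")
    if any(c not in "123456" for c in rolls):
        raise ValueError("rolls must contain only the digits 1-6")
    collected = len(rolls) * math.log2(6)  # about 2.585 bits per fair roll
    if collected < target_bits:
        need = math.ceil(target_bits / math.log2(6))
        raise ValueError(f"{len(rolls)} rolls is too few; need at least {need}")
    # Chi-square test on face counts (5 degrees of freedom); 20.515 is the
    # p = 0.001 critical value. It catches a loaded die or lazy input, but
    # not ordered patterns, so the rolls must still come from real dice.
    expected = len(rolls) / 6
    counts = Counter(rolls)
    chi2 = sum((counts.get(f, 0) - expected) ** 2 / expected for f in "123456")
    if chi2 > 20.515:
        raise ValueError(f"face counts look biased (chi2={chi2:.1f})")
    # SHA-256 condenses the rolls into fixed-size entropy (assumed extractor).
    return hashlib.sha256(rolls.encode()).digest()[: target_bits // 8]

if __name__ == "__main__":
    t = 1700000000  # constructed timestamp, not taken from any real wallet
    print("same clock value, same 'random' bytes:", weak_entropy(t) == weak_entropy(t))
    print("entropy in 32 output bytes:", effective_bits(32), "bits")
    sample = "123456" * 17  # constructed placeholder input, NOT real dice rolls
    print("dice-derived entropy:", entropy_from_dice(sample).hex())
```

The byte string returned by `entropy_from_dice` is raw entropy only; encoding it as a mnemonic is left to the wallet software.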