ExchangeDEX+

Buy Crypto Markets Spot FuturesGOLD Earn Event Center

PANews reported on October 17 that according to OneKey’s Chinese Twitter account, regarding the random number vulnerability involved in the recent “Milk Sad incident,” the OneKey team clarified that the vulnerability does not affect the security of the mnemonics and private keys of OneKey’s software and hardware wallets. The vulnerability stems from Libbitcoin Explorer (bx) 3.x, which uses a pseudo-random number generator based on the system time and the Mersenne Twister-32 algorithm. With a seed space of only 2³² bits, attackers can predict or brute-force the private key. This vulnerability affects some older versions of Trust Wallet and all products using bx 3.x or older versions of Trust Wallet Core. OneKey stated that its hardware wallet utilizes an EAL6+ security chip with a built-in TRNG true random number generator; older devices have also passed SP800-22 and FIPS140-2 entropy testing; while its software wallet utilizes a system-level CSPRNG entropy source to generate random numbers, complying with cryptographic standards. The team emphasized that users are advised to use hardware wallets to manage their assets and not import mnemonics generated by software wallets into hardware wallets to ensure maximum security.PANews reported on October 17 that according to OneKey’s Chinese Twitter account, regarding the random number vulnerability involved in the recent “Milk Sad incident,” the OneKey team clarified that the vulnerability does not affect the security of the mnemonics and private keys of OneKey’s software and hardware wallets. The vulnerability stems from Libbitcoin Explorer (bx) 3.x, which uses a pseudo-random number generator based on the system time and the Mersenne Twister-32 algorithm. With a seed space of only 2³² bits, attackers can predict or brute-force the private key. This vulnerability affects some older versions of Trust Wallet and all products using bx 3.x or older versions of Trust Wallet Core. OneKey stated that its hardware wallet utilizes an EAL6+ security chip with a built-in TRNG true random number generator; older devices have also passed SP800-22 and FIPS140-2 entropy testing; while its software wallet utilizes a system-level CSPRNG entropy source to generate random numbers, complying with cryptographic standards. The team emphasized that users are advised to use hardware wallets to manage their assets and not import mnemonics generated by software wallets into hardware wallets to ensure maximum security.

OneKey responds to the Milk Sad incident: Confirmed vulnerability does not affect the security of its software and hardware wallets

2025/10/17 22:27

WALLET$0.00617-27.06%

The vulnerability stems from Libbitcoin Explorer (bx) 3.x, which uses a pseudo-random number generator based on the system time and the Mersenne Twister-32 algorithm. With a seed space of only 2³² bits, attackers can predict or brute-force the private key. This vulnerability affects some older versions of Trust Wallet and all products using bx 3.x or older versions of Trust Wallet Core.

OneKey stated that its hardware wallet utilizes an EAL6+ security chip with a built-in TRNG true random number generator; older devices have also passed SP800-22 and FIPS140-2 entropy testing; while its software wallet utilizes a system-level CSPRNG entropy source to generate random numbers, complying with cryptographic standards. The team emphasized that users are advised to use hardware wallets to manage their assets and not import mnemonics generated by software wallets into hardware wallets to ensure maximum security.

Market Opportunity

MilkyWay Price(MILK)

$0.002244

$0.002244$0.002244

+0.99%

USD

MilkyWay (MILK) Live Price Chart

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.