Cointime


The Bitcoin Private Key Generation Command Line Tool Bx Seed Has a Major Vulnerability of Weak Randomness, Which Has Been Fixed Now

On August 14th, it was reported that the milksad.info team had discovered a major vulnerability in the Bitcoin libbitcoin-explorer (the bx command line tool) on July 21st. The GitHub page currently shows that the vulnerability was fixed today and that the bx seed command has been removed. The bx seed tool generates mnemonic phrases using only the system time as a source of randomness, so it can produce only one of about 4 billion possible mnemonics, making it easy for attackers to regenerate all of them.
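A minimal model of the weakness described above, added here as an illustration; it is not code from bx or libbitcoin-explorer. It assumes the clock value is reduced to 32 bits (matching the "about 4 billion" figure) and uses Python's `random` module as a stand-in PRNG; all function names and the timestamp are constructed for the example.

```python
import math
import random
import secrets

SEED_BITS = 32  # assumption: clock value truncated to 32 bits (~4 billion values)

def weak_entropy(unix_time: int, nbytes: int = 32) -> bytes:
    """Model of the flaw: a deterministic PRNG seeded only with the clock."""
    prng = random.Random(unix_time & (2**SEED_BITS - 1))
    return prng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")

def strong_entropy(nbytes: int = 32) -> bytes:
    """Hardened form: bytes come straight from the OS CSPRNG."""
    return secrets.token_bytes(nbytes)

def effective_bits(possible_outputs: int) -> float:
    """Upper bound on secret strength: log2 of how many outputs can occur."""
    return math.log2(possible_outputs)

def count_distinct(start: int, count: int, nbytes: int) -> int:
    """Distinct outputs produced across `count` consecutive clock values."""
    return len({weak_entropy(start + i, nbytes) for i in range(count)})

if __name__ == "__main__":
    t = 1_690_000_000  # constructed timestamp, not taken from the report

    # Same clock value, same "secret": the output is a pure function of time.
    print("repeatable:", weak_entropy(t) == weak_entropy(t))

    # Asking for 128, 192 or 256 bits never yields more outputs than seeds.
    for nbytes in (16, 24, 32):
        print(nbytes * 8, "bits requested ->",
              count_distinct(t, 1000, nbytes), "outputs from 1000 seeds")

    # The whole output space is bounded by the seed width, not the output size.
    print("weak bound  :", effective_bits(2**SEED_BITS), "bits")
    print("strong bound:", effective_bits(2**256), "bits for 32 bytes")

    # The OS CSPRNG does not depend on the clock at all.
    print("csprng differs:", strong_entropy() != strong_entropy())
```
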

The team discovered more than 2,600 Bitcoin wallets that were based on bx seed entropy and showed high activity, with similar small deposits in 2018. Cake Wallet and Trust Wallet also have similar vulnerabilities, while other wallets have not been affected by this vulnerability.

The vulnerability was exploited by hackers on May 3rd, and the most serious theft occurred on July 12th, with a total of 29.65 BTC stolen, worth about $870,000. The article states that at least about $900,000 of stolen assets have been transferred. In addition to BTC, ETH, XRP, DOGE, SOL, LTC, BCH, and ZEC tokens have all been confirmed stolen.
