Thousands of Bitcoin (BTC) wallets are prone to brute force attacks
Due to a known bug in the Libbitcoin Explorer (bx) 3.x library, over 120,000 Bitcoin (BTC) wallets globally can be hacked. A weak random number generation principle makes it easier for potential malefactors to guess seed phrases. Security researchers share some easy steps to protect your funds.
First discovered in November 2023, the vulnerability in Libbitcoin Explorer (bx) 3.x still makes non-custodial BTC wallets prone to brute force attacks. An overview of the potential hack vector was shared by the OneKey wallet team yesterday, Oct. 17, 2025.
The library in question — a toolkit of software development instruments for Bitcoin (BTC) wallets in the C++ programming language — generated random numbers using the Mersenne Twister-32 algorithm seeded only by the system time.
Since the seed space was limited to 2³² values in that case, the generated random numbers appeared to be more vulnerable to brute-force enumeration.
As a result, wallets generated with certain versions of Trust Wallet and directly with Libbitcoin Explorer (bx) 3.x can be recovered by malefactors. Within a short time, attackers can derive private keys:
Because the seed space is so small, a high-performance personal computer can enumerate all possible seeds within days, allowing attackers to predict private keys generated at arbitrary time points and steal assets on a large scale.
As such, the weakness in RNG, despite being known for two years, still affects the audience of Bitcoin’s (BTC) on-chain wallets.
To prevent wallets from being attacked, users of non-custodial Bitcoin (BTC) addresses created with vulnerable tooling in 2017-2023 should move their funds to other storages, protected by Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) tech.
Also, generation of new seed phrases — particularly, based on BIP 39 rules — might be helpful in enhancing the security layer of Bitcoin (BTC) wallets.
Then, it is recommended to audit all paper or hardware wallets that might be affected by the vulnerability — known as the “Milk Sad Case.”
In case of software wallets, users should always be sure to use the latest version of software and operating systems.
