A critical vulnerability has been discovered in libbitcoin-explorer
(command-line tool bx), known as “milk sad”.
If at any point in the past, you may have used the bx seed tool to generate
your crypto wallet’s seed phrase, you must IMMEDIATELY generate a new seed
phrase using an up-to-date secure wallet and move your funds to the new
wallet.
The bug in bx seed is simple: it used only the system’s time as a source of
randomness when generating seed phrases. As a result, bx seed could only ever
produce one of around 4 billion seed phrases. This set of 4 billion seed phrases
can easily be re-generated by attackers, and funds are currently being stolen
from wallets using one of these seed phrases.
Similar bugs have existed in Cake Wallet and Trust Wallet, see the details in
the milk sad discoverers’ technicalwriteup. If you used those wallets, I
recommend re-generating a new seed phrase as well.
As far as I know, other wallets are not affected by this bug. To protect
yourself against these kinds of bugs, be sure to only use a wallet which has
undergone an independent security review.