Klever wallet, which has three million users, said that its platform was exploited. The announcement was made on July 13 in a Twitter post, in which the team said that the exploit was caused by a low-entropy mnemonic. The statement said that the attack on July 12 was similar to what was reported by TrustWallet Explorer in April.
The release stated that the flaw came from an algorithm used not only by KleverWallet but also by ‘numerous wallet providers.’
“The flaw in the algorithm compromised the security and unpredictability of the generated keys, potentially making them susceptible to unauthorized access or malicious activities. It is important to address this issue promptly and take necessary measures to ensure the security of your wallets and funds.”
Created using an old and weak pseudorandom number generator
The statement added that the root cause of the flaw is the difficulty involved in generating randomness. It said the affected wallets were weakened by the fact that they were not originally made using Klever wallet K5, but were imported into Klever wallet after they were “created using an old and weak pseudorandom number generator (PRNG) algorithm as their entropy source.”
This algorithm was used for older cryptocurrency wallets, and it can compromise the security and unpredictability of generated keys, making them susceptible to unauthorized access.
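Why a weak PRNG as the entropy source produces a low-entropy mnemonic, shown as an added example that is not code from Klever or any wallet vendor. It assumes a 12-word BIP-39 mnemonic (128 bits of entropy) and uses Python's general-purpose `random` module with a 32-bit seed as a stand-in for the unnamed weak algorithm; the function names are hypothetical.

```python
import hashlib
import random
import secrets

ENT_BYTES = 16  # 128 bits of entropy -> 12-word BIP-39 mnemonic


def word_indices(entropy: bytes) -> list[int]:
    """BIP-39 encoding: entropy || checksum, split into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32  # 4 checksum bits for 128-bit entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def weak_entropy(seed: int) -> bytes:
    """WEAK (assumed stand-in): non-cryptographic PRNG seeded with 32 bits.

    The 16 output bytes are a pure function of the seed, so the mnemonic
    carries at most 32 bits of entropy, not the 128 bits its length implies.
    """
    rng = random.Random(seed & 0xFFFFFFFF)
    return bytes(rng.getrandbits(8) for _ in range(ENT_BYTES))


def strong_entropy() -> bytes:
    """Hardened form: take all 128 bits from the operating system CSPRNG."""
    return secrets.token_bytes(ENT_BYTES)


def distinct_outputs(seed_bits: int) -> int:
    """Count distinct entropy values over a toy seed space of 2**seed_bits."""
    return len({weak_entropy(s) for s in range(1 << seed_bits)})


if __name__ == "__main__":
    seed = 20230712  # constructed sample seed
    # Same seed, same wallet: the word indices repeat exactly.
    print(word_indices(weak_entropy(seed)) == word_indices(weak_entropy(seed)))
    # A 10-bit seed space can never yield more than 1024 different wallets.
    print(distinct_outputs(10), "distinct values from a 10-bit seed")
    print(word_indices(strong_entropy()))
```

Importing such a wallet into newer software does not change the picture, because the mnemonic still encodes the originally generated entropy; moving funds to a wallet created from a CSPRNG is what restores the full 128 bits.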