The affected wallets were reportedly created using an old and weak pseudorandom number generator (PRNG) algorithm.
A crypto wallet service – Klever – revealed that an already known exploit caused by low entropy mnemonic affected several users. The incident first came to light when users reported suspicious activity within their wallets earlier this week.
As per the company’s update, the algorithm called Random Generation, used by Bip39 implementation, was previously used by numerous cryptocurrency wallet providers. However, a flaw in the algorithm compromised the security and unpredictability of the generated keys, thereby making wallets susceptible to unauthorized access or malicious activities.
Addressing the incident, Klever said all affected wallets were imported into Klever Wallet K5.
These wallets had not been originally created using Klever Wallet K5 but were previously built using an outdated and ineffective pseudorandom number generator (PRNG) method as their entropy source.
According to the company, this algorithm was widely used in early versions of various crypto wallet providers, which relied on the Javascript platform.
It also highlighted that such a weak PRNG algorithm can significantly compromise the security and unpredictability of the generated keys, potentially making them more vulnerable to attacks or unauthorized access.
On the Klever platform, the core codes responsible for entropy and mnemonic generation that utilize the PRNG algorithm are implemented with robust security measures and are native to the operating system.”
Klever said the incident is similar to the one reported by the TrustWallet explorer extension earlier in April.
The company advised users currently possessing any old wallets that were created before Klever Wallet to promptly move to new ones created on Klever Wallet K5 or Klever Safe.
Initial investigation suggested that the suspicious activity was not exclusive to Klever and that users of multiple wallet providers are affected.