Crypto wallet provider Klever recently issued a Security Alert due to an external security incident that affected users across various wallet providers. The incident came to light on July 12, 2023, when users reported suspicious activity within their wallets.
The extent of the issue was under investigation, but it appeared to affect a subset of users across different cryptocurrencies. Klever’s security team monitored the wallets involved round-the-clock and cooperated with security firm TRM Labs to investigate and mitigate the issue.
Klever advised all users to remain vigilant and review their accounts for any unusual activity or transactions. As a proactive measure, the wallet provider requested users to revoke access to dApps that were not in use.
The company determined that all the wallets impacted by suspicious activity were affected by an already known exploit caused by low entropy mnemonic. A “low entropy mnemonic” refers to a seed phrase that has been generated from a source of low randomness. This means that the seed phrase is less random and, therefore, potentially more predictable, which is a security concern. If an attacker could predict or guess the seed phrase, they could gain access to the wallet and the funds it controls.
In the context of the Klever incident, the low entropy mnemonic was a result of using a weak pseudorandom number generator (PRNG) algorithm. This led to less random and potentially predictable seed phrases, which were exploited in the security incident.
The wallets involved were imported into Klever Wallet K5 and were created using an old and weak pseudorandom number generator algorithm as their entropy source. This algorithm was commonly used in early versions of various cryptocurrency wallet providers, which relied on the Javascript platform.
To avoid such issues, newer Klever wallets use secure, system-native codes for creating entropy and mnemonics with the PRNG algorithm. Meanwhile, KleverSafe, a part of Klever, uses a special type of Random Number Generator (RNG) that creates randomness based on physical events.
As such, Klever suggested that users with older wallets should switch to newer ones made on Klever Wallet K5 or Klever Safe. This proactive step would help safeguard funds and protect them from potential vulnerabilities associated with outdated or weak PRNG algorithms.
In a similar incident in April 2023, TrustWallet users reported suspicious activity due to a low entropy mnemonic exploit. The exploit was linked to a flaw in the algorithm that compromised the security and unpredictability of the generated keys, potentially making them susceptible to unauthorized access or malicious activities.