Cake Wallet - Weak Bitcoin Wallets

This folder covers vulnerable versions of Cake Wallet that used the insecure Random::Random() PRNG of the Dart programming language to generate Bitcoin cryptocurrency wallets, resulting in extremely weak wallets.

Unlike other wallet software, the mnemonic standard used here is Electrum, not BIP39, and the public usage is (to our knowledge) Bitcoin-specific.

See also:

(incomplete article list)

Data

Hashed Mnemonic Seed of Discovered Wallets

A collection of hashes over the mnemonic secrets for all vulnerable wallets we discovered at the time of data set creation.

  • Creation date: around 2023-11-24
  • Detection: confirmed Bitcoin Mainnet usage of a bc1 address on at least one of the sub-accounts, checked until #79
  • Bitcoin Mainnet address database from ca. early 2023-11
  • Entry format: SHA-256 hash computed over the lowercase space-separated seed string without leading spaces, trailing spaces or newlines
  • File format: newline-separated ASCII entries, sorted
  • Additional comments: 12-word Electrum seed, "100" segwit prefix

Data example

Mnemonic: ensure finish energy title soccer frame audit ahead swim fee course shoe

Hash result: f56599f4353c6f5d4d01cf9a9c2548cc2a70d3684c127962515b681692ab2b3e

The example is a valid mnemonic but was unused at the time, and is therefore not included in the data set itself.
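The entry format above can be exercised with a short lookup routine. The following is an added example, not code from Cake Wallet or from the authors of this data set; the function names, the filler digests and the 12-word sample phrase are constructed for illustration, and the sample list stands in for the real data file.

```python
import bisect
import hashlib

# Quoted from this README's "Data example" section.
README_MNEMONIC = "ensure finish energy title soccer frame audit ahead swim fee course shoe"
README_HASH = "f56599f4353c6f5d4d01cf9a9c2548cc2a70d3684c127962515b681692ab2b3e"
# Constructed sample input: 12 arbitrary words, not a real or valid Electrum seed.
SAMPLE_MNEMONIC = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"

def normalize_mnemonic(mnemonic):
    # Lowercase, single spaces between words, no leading/trailing whitespace or newlines.
    return " ".join(mnemonic.lower().split())

def mnemonic_hash(mnemonic):
    # SHA-256 over the normalized seed string, as described under "Entry format".
    return hashlib.sha256(normalize_mnemonic(mnemonic).encode("utf-8")).hexdigest()

def load_hash_list(text):
    # Newline-separated hex entries; reject anything that is not a SHA-256 hex digest.
    entries = [line.strip().lower() for line in text.splitlines() if line.strip()]
    for entry in entries:
        if len(entry) != 64 or any(c not in "0123456789abcdef" for c in entry):
            raise ValueError(f"malformed entry: {entry!r}")
    return sorted(entries)  # re-sort defensively so the binary search stays valid

def is_known_vulnerable(mnemonic, entries):
    # Binary search works because the data file is sorted.
    digest = mnemonic_hash(mnemonic)
    i = bisect.bisect_left(entries, digest)
    return i < len(entries) and entries[i] == digest

def build_sample_list():
    # Constructed stand-in for the data file: two filler digests plus the sample's hash.
    digests = ["00" * 32, mnemonic_hash(SAMPLE_MNEMONIC), "ff" * 32]
    return "\n".join(sorted(digests)) + "\n"

if __name__ == "__main__":
    entries = load_hash_list(build_sample_list())
    print("README example hash matches:", mnemonic_hash(README_MNEMONIC) == README_HASH)
    print("sample flagged:", is_known_vulnerable("  ALPHA bravo " + SAMPLE_MNEMONIC[12:] + "\n", entries))
    print("README example flagged:", is_known_vulnerable(README_MNEMONIC, entries))
```

Hashing happens only after normalization, so user input with different casing or stray whitespace still maps to the same entry.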

Publication Details

We provided the 11/2023 version of this data set to the Cake Wallet vendor on 2023-11-24 for public adoption into patched new app versions. The data allows for client-side checks in the application to spot and warn about continued use of known-vulnerable wallets.

They merged it via https://github.com/cake-tech/cake_wallet/pull/1238/files on 2023-12-18.