Seed Phrase - Low entropy Mnemonic

I can’t seem to find anything related to this topic on the forum, so I made a new post. As of July 12th a BTC wallet of mine got drained due to an apparently known bug, which occurred as of recently, July 12th, with a wallet generated by Klever.
The cause was a low-entropy mnemonic, like the one reported for the TrustWallet explorer extension in April 2023. The algorithm, known as random generation, used by the BIP39 implementation, was previously used by numerous cryptocurrency wallet providers.

The affected wallets were reportedly created using an old and weak pseudorandom number generator (PRNG) algorithm.

My concern is that I created a few MetaMask wallets a few years back (starting September 2020). Are these wallets also subject to the low-entropy mnemonic seed phrase generation, and to the situation described above with both TrustWallet and Klever wallet? I want to avoid getting drained again.

Thanks for reading.


Hey @Burned, welcome to the MetaMask community! :fox_face:

I can’t seem to find much information from official sources on what happened with Klever wallet, but MetaMask uses BIP-39 to generate Secret Recovery Phrases.


Hey @nakedwinnie thanks, happy to be here!

I basically came to this: ‘Seed generation was flawed, the total entropy was only 32 bits.’

But the following article explains it more thoroughly; google for the following, the first result is a Ledger blog post: Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen

And here the specific twitter message by Klever:

Issue Update 07-12-2023 20:06 GMT-3

After conducting a thorough investigation, we have determined that all the wallets that were impacted by suspicious activity on July 12th were affected by an already known exploit caused by low entropy mnemonic, like the one reported by TrustWallet explorer extension in April 2023. This algorithm, known as Random Generation used by Bip39 implementation, was previously used by numerous cryptocurrency wallet providers. The flaw in the algorithm compromised the security and unpredictability of the generated keys, potentially making them susceptible to unauthorized access or malicious activities. It is important to address this issue promptly and take necessary measures to ensure the security of your wallets and funds.

How wallets are created

Entropy generation is a complex concept that challenges scientists’ preference for reproducibility and the ability to explain phenomena through cause-and-effect principles. In general, it is difficult to intentionally generate randomness. Additionally, verifying the correctness of random numbers is a challenging task, as even a flawed random number generator can deceive an observer without being completely unreliable.

To achieve good randomness, certain characteristics are necessary. Firstly, there should be a uniform distribution of bits and bytes, as well as consistency in the size of all data chunks. This ensures that each possible outcome has an equal chance of occurring. Secondly, unpredictability is crucial. An observer should be unable to gather any information about the next part of the sequence to be generated, making it impossible to predict or anticipate the sequence.

In summary, generating true randomness is a challenging endeavor, requiring uniformity, unpredictability, and the absence of any observable patterns or dependencies in the generated sequence.

The Hierarchical Deterministic (HD) scheme has gained widespread adoption due to its convenience in key management and portability. Users can easily create backups of an extensive number of keys, thanks to the hierarchical structure, and carry them wherever they go.

One of the notable advantages of the HD scheme is signer roaming. This feature allows users to switch to another wallet seamlessly if their preferred wallet fails or fails to meet their expectations. By simply taking their mnemonic (a seed phrase used to derive keys) with them, users can retain control over their funds, maintain financial freedom, and mitigate the impact of any wallet downtime or issues.

However, it’s important to emphasize that flawless entropy generation is a crucial requirement for the HD scheme. Entropy refers to the measure of randomness or unpredictability. In the context of HD schemes, a flawless entropy source is essential for generating secure and unpredictable keys. If the entropy source is flawed or compromised in any way, it can weaken the security of the keys and expose them to potential vulnerabilities.

In summary, the HD scheme offers users the ability to easily manage and back up numerous keys, as well as the flexibility to switch between wallets through signer roaming. However, it is crucial to ensure a flawless entropy source to maintain the security and integrity of the scheme.

Issue Overview

In the incident mentioned, all the wallets involved were imported into Klever Wallet K5. These wallets had not been originally created using Klever Wallet K5; instead, all the wallets were created using an old and weak pseudorandom number generator (PRNG) algorithm as their entropy source. This algorithm was commonly used in early versions of various cryptocurrency wallet providers, which relied on the JavaScript platform. The use of such a weak PRNG algorithm can significantly compromise the security and unpredictability of the generated keys, potentially making them more vulnerable to attacks or unauthorized access.
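The BIP-39 step that the quoted statement and the earlier reply refer to (entropy bytes, then a SHA-256 checksum, then 11-bit wordlist indices), as an added example that is not part of the original post or of any wallet's own code. It returns wordlist indices rather than words, since the 2048-word English list is not embedded, and draws entropy from the OS CSPRNG; the point is that a phrase is only as unpredictable as the bytes fed into this step, whatever the word count.

```python
import hashlib
import secrets

# BIP-39 allows 128..256 bits of entropy in 32-bit steps (12..24 words).
VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)

def generate_entropy(bits: int = 128) -> bytes:
    """Draw entropy from the OS CSPRNG via `secrets`. A seeded, non-cryptographic
    PRNG (e.g. Math.random() or a Mersenne Twister seeded from a 32-bit value)
    must never be used here: the phrase inherits the seed's entropy, not the
    128+ bits its length suggests."""
    if bits not in VALID_ENTROPY_BITS:
        raise ValueError(f"entropy must be one of {VALID_ENTROPY_BITS} bits")
    return secrets.token_bytes(bits // 8)

def entropy_to_word_indices(entropy: bytes) -> list[int]:
    """BIP-39: append the first ENT/32 bits of SHA-256(entropy) as a checksum,
    then split the result into 11-bit indices into the wordlist."""
    ent = len(entropy) * 8
    if ent not in VALID_ENTROPY_BITS:
        raise ValueError("invalid entropy length")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]

def word_indices_to_entropy(indices: list[int]) -> bytes:
    """Reverse mapping used when importing a phrase: rebuild the entropy and
    reject the phrase if its checksum bits do not match."""
    if len(indices) not in VALID_WORD_COUNTS or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("invalid word count or word index")
    total = len(indices) * 11
    cs = total // 33
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs).to_bytes((total - cs) // 8, "big")
    if entropy_to_word_indices(entropy) != indices:
        raise ValueError("checksum mismatch")
    return entropy

if __name__ == "__main__":
    # BIP-39 test vector: 16 zero bytes -> index 0 ("abandon") x11, then 3 ("about").
    print(entropy_to_word_indices(bytes(16)))
    fresh = generate_entropy(256)
    assert word_indices_to_entropy(entropy_to_word_indices(fresh)) == fresh
```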

Thanks for sharing!

Here is more information on our Knowledge Base on how they’re generated by MetaMask:


That article is helpful, nakedwinnie!

I would like to have something checked or confirmed, as some wallet providers used a third-party library developed by Trezor during 2017 - 2020. This library is widely utilized by various prominent wallets in the market. It is about the mechanism of how the seed phrase was generated inside wallet apps. Do you know if MetaMask used the Trezor library during 2017-2020?
If so, wallets created during that period might be at risk, one of them being my own.

I don’t want to create uncertainty or FUD, I just want to secure my wallets generated back then. Thanks!

Do you know the name of that library? Any more information on it?

Feel free to also look for it on our GitHub:


I can’t seem to find the exact library myself. But if I go through the GitHub, I assume that MetaMask created and used their own in 2020 then, and didn’t copy pasta it from Trezor.
