Milk Sad Vulnerability: A Comprehensive Overview

2 min readAug 17, 2023


The Milk Sad vulnerability has emerged as a significant concern within the cryptocurrency sphere. This flaw has led to an approximate loss of $900,000 from various crypto wallets, highlighting the critical nature of such security vulnerabilities.

The Nature of the Vulnerability

Milk Sad is a vulnerability associated with the Libbitcoin Explorer (bx) tool, specifically versions 3.0.0 to 3.6.0. This tool’s primary function is to generate mnemonic phrases for cryptocurrency wallets. The vulnerability stems from the tool’s constrained ability to generate a diverse range of mnemonic phrases, resulting in a predictable set of phrases. Consequently, this allows attackers to precompute the private keys linked to these mnemonics, granting them unauthorized access to the affected wallets.

Origin of the Flaw

The flaw was inadvertently introduced due to an issue in the bx tool’s random number generator. Instead of generating a broad spectrum of mnemonic phrases, the tool was confined to a limited set, simplifying the task for attackers to anticipate and compute the corresponding private keys. This problem was identified in versions of the tool released post March 2017.

Lookup Service for Affected Users

A lookup service is available to help individuals ascertain if their mnemonics fall within the vulnerable set. For security reasons, the service does not store BIP39 mnemonics. Instead, it houses SHA-256 hashes of all currently recognized vulnerable mnemonics. Users can compare the SHA-256 hash of their mnemonic to this database.

Utilizing the Lookup Service:

  1. Offline Hash Generation: A hash of the mnemonic is obtained from an offline live-booted Linux distribution on trusted hardware.
  2. Hash Submission: The hash is then transmitted to an online system and submitted to the lookup service, either through a browser interface or terminal.
  3. Inspecting the Response: The service’s response indicates whether the mnemonic is part of the vulnerable set or not.


The Milk Sad vulnerability underscores the inherent risks present in the digital asset domain. It emphasizes the importance of continuous monitoring, updates, and awareness in the ever-evolving landscape of cryptocurrency security.

💌 Get In Touch

For questions, or just to say hi, feel free to reach out to me on Twitter @ruisiang_tw or drop me an email at




Blockchain and Backend Developer, Privacy Advocate, Crypto Enthusiast. Twitter: ruisiang_tw