Klever Alert: External Security Incident


Klever has issued a security alert about an external incident affecting some crypto wallet users, to keep users informed and safe.

It’s important to underscore that this issue is not exclusive to Klever. Reports indicate that users of multiple wallet providers are affected.

We became aware of the incident when users reported suspicious activity within their wallets. Though still under investigation, the issue appears to impact a subset of Klever users across various cryptocurrencies.


Security Measures and Recommendations

Klever’s robust and dedicated security team is monitoring the wallets involved round-the-clock. We’re also cooperating with security firm TRM Labs, coordinating with industry peers, cybersecurity experts, and relevant authorities to thoroughly investigate and mitigate the issue.

At Klever, the security of our users’ assets is our top priority. We advise all users to remain vigilant and review their accounts for any unusual activity or transactions.

As a proactive measure, we recommend that all users revoke access for dApps not currently in use, to further safeguard against any potential threats.

If you encounter any anomalies, please report them to our support team immediately at support.klever.org. We have expanded our support staff to promptly address any user concerns during this time.

We understand the concern and inconvenience, and assure users we are addressing this issue swiftly and securely.

Going forward, we will keep our users informed about the ongoing situation. We commit to keeping open lines of communication as we handle this incident together.

Updates will be posted on our official Twitter page when details become available.

Thank you for your patience and understanding during this time. Rest assured that Klever remains dedicated to providing a secure platform and an optimal user experience for all.


Update – 07-12-2023 20:06 GMT-3

After conducting a thorough investigation, we have determined that all the wallets impacted by suspicious activity on July 12th were affected by an already known exploit caused by low-entropy mnemonics, like the one reported by the TrustWallet explorer extension in April 2023. The algorithm involved, the random generation used by a BIP39 implementation, was previously used by numerous cryptocurrency wallet providers. The flaw in the algorithm compromised the security and unpredictability of the generated keys, potentially making them susceptible to unauthorized access or malicious activities. It is important to address this issue promptly and take the necessary measures to ensure the security of your wallets and funds, including those managed by Klever.


How are wallets created?

Entropy generation is a complex concept that challenges scientists’ preference for reproducibility and the ability to explain phenomena through cause-and-effect principles. In general, it is difficult to intentionally generate randomness. Additionally, verifying the correctness of random numbers is a challenging task, as even a flawed random number generator can deceive an observer without being completely unreliable.

To achieve good randomness, certain characteristics are necessary. Firstly, there should be a uniform distribution of bits and bytes, as well as consistency in the size of all data chunks. This ensures that each possible outcome has an equal chance of occurring. Secondly, unpredictability is crucial. An observer should be unable to gather any information about the next part of the sequence to be generated, making it impossible to predict or anticipate the sequence.

In summary, generating true randomness is a challenging endeavor, requiring uniformity, unpredictability, and the absence of any observable patterns or dependencies in the generated sequence.

Understanding How It Works

The Hierarchical Deterministic (HD) scheme has gained widespread adoption due to its convenience in key management and portability. Users can easily create backups of an extensive number of keys, thanks to the hierarchical structure, and carry them wherever they go.

One of the notable advantages of the HD scheme is signer roaming. This feature allows users to switch to another wallet seamlessly if their preferred wallet fails or fails to meet their expectations. By simply taking their mnemonic (a seed phrase used to derive keys) with them, users can retain control over their funds, maintain financial freedom, and mitigate the impact of any wallet downtime or issues.

However, it’s important to emphasize that flawless entropy generation is a crucial requirement for the HD scheme. Entropy refers to the measure of randomness or unpredictability. In the context of HD schemes, a flawless entropy source is essential for generating secure and unpredictable keys. If the entropy source is flawed or compromised in any way, it can weaken the security of the keys and expose them to potential vulnerabilities.

In summary, the HD scheme offers users the ability to easily manage and back up numerous keys, as well as the flexibility to switch between wallets through signer roaming. However, it is crucial to ensure a flawless entropy source to maintain the security and integrity of the scheme.

Klever Issue Overview

In the incident mentioned, users had imported all the wallets into Klever Wallet K5. These wallets were not originally created with Klever Wallet K5; instead, all of them were created using an old and weak pseudorandom number generator (PRNG) algorithm as their entropy source. This algorithm was commonly used in early versions of software from various cryptocurrency wallet providers, which relied on the JavaScript platform. The use of such a weak PRNG algorithm can significantly compromise the security and unpredictability of the generated keys, potentially making them more vulnerable to attacks or unauthorized access.
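The contrast described above, as an added example that is not Klever's code or the code of any affected wallet: a seeded generator fixes the whole mnemonic from its seed, while an operating system CSPRNG does not. The weakPrng generator and its 32-bit seed are constructed stand-ins, and Node's crypto.randomBytes is assumed as the counterpart of the OS sources a native wallet would call.

```javascript
// Added example (not Klever's code). weakPrng is a constructed stand-in
// for any non-cryptographic generator seeded with 32 bits.
const { createHash, randomBytes } = require('crypto');

// Linear congruential generator: the whole output is fixed by `seed`.
function weakPrng(seed) {
  let state = seed >>> 0;
  return () => {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
    return state >>> 24; // top byte of the 32-bit state
  };
}

// Weak: 16 bytes of "entropy" that carry at most 32 bits of secrecy.
function weakEntropy(seed) {
  const next = weakPrng(seed);
  return Buffer.from(Array.from({ length: 16 }, next));
}

// Hardened: 16 bytes from the operating system CSPRNG.
function strongEntropy() {
  return randomBytes(16);
}

// BIP39 encoding: entropy || first ENT/32 bits of SHA-256(entropy),
// split into 11-bit indices into the 2048-word list.
function bip39Indices(entropy) {
  const csBits = (entropy.length * 8) / 32;
  const hash = createHash('sha256').update(entropy).digest();
  let bits = '';
  for (const b of entropy) bits += b.toString(2).padStart(8, '0');
  bits += hash[0].toString(2).padStart(8, '0').slice(0, csBits);
  const out = [];
  for (let i = 0; i < bits.length; i += 11) {
    out.push(parseInt(bits.slice(i, i + 11), 2));
  }
  return out;
}

// Upper bound on distinct mnemonics a generator can ever produce.
function maxMnemonics(seedBits, entropyBits) {
  return 2n ** BigInt(Math.min(seedBits, entropyBits));
}
```

A 12-word mnemonic looks the same in both cases; only the number of mnemonics the generator can ever emit differs, which is why a wallet created this way stays exposed after being imported elsewhere.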

Klever Wallet Security Measures

On the Klever platform, the secure core code for entropy and mnemonic generation uses the native PRNG algorithm of the operating system. On iOS devices, the function SecRandomCopyBytes provides the entropy. On Android, an instance of the java.security.SecureRandom class is the entropy source. These mechanisms securely generate entropy and mnemonics on Klever by leveraging the security features of the operating systems.

Additionally, KleverSafe, a part of Klever, uses a true RNG that utilizes physical phenomena to generate entropy.

This true RNG provides a reliable and highly secure source of randomness. Moreover, KleverSafe implements an analog entropy source whose output is processed by a high-quality conditioning stage. This includes an analog noise source, a digitization stage with post-processing, a conditioning algorithm, a health monitoring block, and two interfaces for interacting with the entropy source, guaranteeing robust security.

The combination of these features ensures KleverSafe’s random numbers are secure and resistant to brute-force attacks. Utilizing physical phenomena and rigorous monitoring, KleverSafe offers reliable randomness for cryptographic operations within the Klever ecosystem.

Klever Action Required

We highly recommend migrating old wallets to new ones on Klever Wallet K5 or KleverSafe. This ensures you benefit from enhanced security measures and improved entropy generation in Klever.

This proactive step will safeguard your funds from vulnerabilities linked to outdated pseudorandom number generator algorithms. Migrating to the latest Klever wallet ensures a more secure and reliable environment for managing your cryptocurrencies.


If you encounter any anomalies, please report them to our support team immediately at support.klever.org. Additionally, we have expanded our support staffing to promptly address any user concerns during this time.

We assure our Klever users that we are handling this security alert swiftly and safely.

Going forward, we will keep our Klever users informed about the ongoing security alert. We commit to keeping open lines of communication as we handle this incident together.

Thank you for your patience and understanding during this time. Rest assured that Klever remains dedicated to providing a secure platform and an optimal user experience for all.