
How a Defective Random Number Generator Drained $5M From Wallets
In May 2026, users of non-custodial crypto wallets — the kind where the person holds their own keys instead of an exchange — started losing funds without entering a password or having physical access to their device taken. The cause turned out to be a flaw in the random number generator (RNG) used to create seed phrases, the word sequences that restore access to a wallet, Cryptonomist reports.
Normally, a seed phrase should be cryptographically unpredictable — the number of possible combinations is so large that brute-forcing it is physically impossible even with modern computing power. A defective RNG dramatically narrows that space of possible combinations, making the generator's output "far easier to guess than it should ever be" — which is exactly what opens the door for attackers to systematically reconstruct other people's seed phrases.
As of May 2026, roughly $5 million had been stolen across hundreds of confirmed cases, affecting thousands of blockchain addresses worldwide. Two independent security firms, CertiK and PeckShield, are investigating and preparing technical breakdowns of the flaw.
The upshot: users holding funds in non-custodial wallets have good reason to check exactly how and on what device their seed phrase was generated — especially if the wallet was created using a lesser-known or long-unupdated app. An RNG flaw isn't a user mistake or a phishing scam — it's a software-level gap that's impossible to spot without a dedicated audit.
None of this should be read as personalized investment advice.

Author
Mike RobinsonNews feed editor
I'm constantly writing about crypto, Bitcoin, and altcoins. I cover a variety of topics related to the virtual currency market.
Comments (0)
No comments yet — be the first!
Related news

The DAO: How a $60M Hack Split Ethereum in Two

Web3 Lost $1.31B in H1 2026 — Breaking Down CertiK's Report
