Recently, the news of “a Cambodian fraud network being seized with nearly 130,000 Bitcoins (valued at approximately $15 billion)” has attracted wide public attention.
The core technical cause of this incident lies in pseudo-random number vulnerabilities during the private key generation process of certain Bitcoin wallets.
Regarding this security vulnerability, the BenFen team has completed verification and assessment:
- Has never used Libbitcoin Explorer or any of its derivative code;
- Has not adopted non-cryptographically secure random algorithms such as mt19937 for key, seed, or mnemonic generation;
- Is not affected by CVE-2023-39910 or any related “Milkysad” weak random number vulnerabilities.
BenFen public chain is based on zero-knowledge proof (ZKP) technology, which realizes a secure, efficient, and decrypted account login and transaction verification mechanism, and natively supports zkLogin wallet, providing a secure and reliable identity verification and interaction foundation for BenPay.
Users do not need to directly manage mnemonic phrases or private keys to complete identity authentication and on-chain operations.
- zkLogin Workflow
- Based on the OAuth2.0 authorization mechanism, users generate a JSON Web Token (JWT) using their OAuth web accounts;
- The application submits the JWT and salt to the zero-knowledge proof generator to produce a transaction proof;
- The user then uses this proof to complete transactions on the BenFen chain, enabling secure login and privacy protection.
- Proof Circuit Security Design
- Employs the Groth16 proving algorithm;
- Utilizes multi-party computation (MPC) across multiple devices to generate proving keys, preventing single-point randomness leakage or tampering risks;
- Security protection: diversified and unpredictable random sources ensure that the entire proof generation process is resistant to attacks and fully verifiable.
BenFen has implemented a secure entrance design of “one-click creation and login wallet” through the zkLogin wallet system, providing BenPay users with a more comprehensive privacy protection mechanism while ensuring a convenient experience.
BenFen also supports OpenBlock wallet login, which uses an MPC + HSM architecture to secure private key generation and signature processes.
BenFen is committed to maintaining the highest security standards, conducting continuous internal audits and monitoring to provide users with a safe and reliable environment for managing digital assets.
Security and trust have always been the foundation of BenFen.
For any inquiries, please contact: support@benpay.com