I was looking at https://github.com/JeanLucPons/Kangaroo and he says it would take several years to crack #130 with an exposed public key which is 129bits of entropy but don't some wallets use a 128bit private key? This would mean they could be cracked if their public key is exposed and the attack has a decent amount of compute. I know some wallets allow 12 words seeds but when they actually produce private keys from that seed do they make it a 256bit private key or 128bit?