Oh, so it's not entirely related to mini private keys but about bad entropy.
Bad entropy?
Yes, "bad entropy": the attacker (or owner) replaced the pRNG by a deterministic approach, so the entropy is bad.
The backdoor isn't directly stealing bitcoins out of the victims.
It's because they edited the code's pRNG so that they can reproduce the private keys that the affected versions have generated.