Oh, so it's not entirely related to mini private keys but about bad entropy.
Bad entropy?
Yes "
bad entropy", the attacker (
or owner) replaced the pRNG by a deterministic approach, so the entropy is bad.
The backdoor isn't directly stealing bitcoins out of the victims through non-entropy related method.
It's because they edited the code's pRNG so that they can reproduce the private keys that the affected versions have generated.
I see, that makes sense after you explain it in detail.
Is there a process of getting the generator officially vetted?
Regards
Team RC
Short answer, get a security audit.