I'm really quite afraid of this ever-growing list of entropy/randomness/RNG flaws through time, as it relates to all our much vaunted bitcoin-specific hardware and software:

1930s: Enigma, encrypted letter could never be the same as the original letter
1994: Netscape SSL, seeds easily guessed, such as the time of day
2008: Debian/Ubuntu OpenSSL, only 32,000 unique host keys
2013: Android SecureRandom, repeated Bitcoin public keys
2023: MilkSad, Libbitcoin Explorer (bx), Mersenne Twister 32 bit (4 billion keys) limit
?: (Bitcoin Core|Lightning|Liquid|Nostr)*

chatgpt added:

2012: Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) backdoor, likely introduced by NSA
2016: Infineon RSA, tokens, smart cards, and TPMs, weak RSA keys. ROCA (Return of Coppersmith's Attack), factorize private keys
∞: IoT Devices, 'nough said
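The common thread in the list above is a wide key that is only as unpredictable as the narrow seed behind it (a 32-bit Mersenne Twister seed, a PID range, a clock value). The following is an added illustration, not code from the post or from any of the projects named in it: it derives a 256-bit key from a 32-bit-seeded Mersenne Twister, shows that the result is fully determined by the seed, and contrasts it with drawing the key straight from the OS CSPRNG. The function names and the 128-bit threshold are assumptions chosen for the example.

```python
import math
import random
import secrets

KEY_BITS = 256  # width of a secp256k1-style private key

def weak_key(seed32: int) -> bytes:
    """Derive a 256-bit 'key' from Mersenne Twister seeded with a 32-bit value.

    The output is 256 bits wide, but it carries no more unpredictability
    than the 32-bit seed that produced it: same seed, same key, every time.
    """
    if not 0 <= seed32 < 2**32:
        raise ValueError("seed must fit in 32 bits")
    rng = random.Random(seed32)  # deterministic PRNG, not a CSPRNG
    return rng.getrandbits(KEY_BITS).to_bytes(KEY_BITS // 8, "big")

def strong_key() -> bytes:
    """Draw the key directly from the OS CSPRNG; there is no seed to guess."""
    return secrets.token_bytes(KEY_BITS // 8)

def effective_entropy_bits(seed_space: int) -> float:
    """Entropy actually available to the key: log2 of the number of distinct seeds."""
    return math.log2(seed_space)

def key_space_verdict(seed_space: int) -> str:
    """Assumed threshold: below 128 bits of seed entropy the key space is too small."""
    return "insufficient" if effective_entropy_bits(seed_space) < 128 else "adequate"

if __name__ == "__main__":
    # Constructed seed spaces matching entries in the list above.
    for label, space in (("32-bit MT seed", 2**32),
                         ("PID-only seeding (2**15)", 2**15),
                         ("OS CSPRNG (2**256)", 2**256)):
        print(f"{label}: {effective_entropy_bits(space):.0f} bits, {key_space_verdict(space)}")
    print("weak_key(7) reproducible:", weak_key(7) == weak_key(7))
    print("strong_key() repeats:", strong_key() == strong_key())
```

The point to take from running it is that the 256-bit key derived from the weak path is a function of a 32-bit number, so the entire key space is 2^32 distinct values regardless of output width; the CSPRNG path has no such bottleneck.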