I'm really quite afraid of this ever-growing list of entropy/randomness/RNG flaws through time, as it relates to all our much vaunted bitcoin-specific hardware and software:

1930s: Enigma, encrypted letter could never be the same as the original letter 
1994: Netscape SSL, seeds easily guessed, such as the time of day
2008: Debian/Ubuntu OpenSSL, only 32,000 unique host keys
2013: Android SecureRandom, repeated Bitcoin public keys
2023: MilkSad, Libbitcoin Explorer (bx), Mersenne Twister 32 bit (4 billion keys) limit
?: (Bitcoin Core|Lightning|Liquid|Nostr)*