Just had yet another person (hard to count the total now) reach out about a low-entropy seed they generated and were allowed to import into a certain hardware wallet. A lot of the blame for these lost funds falls on influencers who shill users on overly-complex security setups without properly explaining the massive risks and tradeoffs associated for the average user.
What happened
Less than 10min after funds were sent to what they thought was secure storage, they were swept to an attackers address.
They used <10 dice rolls, meaning the private key had <25bits of entropy when the minimum for strong security is 50 dice rolls (128 bits of entropy). Wallets should not allow a user to import a seed that they know is completely insecure.
Staying safe
As I have said many times, if you don't know the ins and outs of dice rolls, entropy, verification of the resulting seed offline, etc. please do not use dice rolls alone for seed generation. 99.99999% of users are better off allowing good, multi-source, open-source random number generation like we do on Passport.
To date I have heard of zero compromised seeds that were generated using on-board RNG due to entropy issues, while there are countless examples of users losing funds due to improper dice rolls.
Stay safe out there, folks.