This has nothing todo with Birthday Attack, and they are correctly using the right hashing function, the problem is with the processing of the seed. In a BIP39 compliant wallet the password in reality is used as salt. The problem was the faulty implementation of the Key Stretching Function reduced the entropy and thats it.
for more context please check;https://github.com/bitcoin/bips/blob/master/bip-0039.mediawikihttps://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
CSA GCR has already published 7 blockchain related security document in Chinese so far. We are behind in translating them into English and may need help to recruit some volunteers to do the translation. Here are the 7 documents which were published during CSA GCR Annual Conference in Shanghai, in early December this year
1: Digital Wallet Security Practise and Testing
2: Top Crypto Exchange Security Risks
3: Blockchain Data Layer Security
4: Smart Contact Security and Testing Guide
5: AML and Chain Analysis for Digital Asset Transactions.
6: Dapp Security Best Practise and Testing
7: Decentralized Identity Security and Privacy Considerations
Next year, we will work on the following two white papers:
1: Consensus Algorithm Security Best Practices (Led by two Professors from Peking University)
2: Blockchain Network Securtiy (Led by a professor and Dean of Computer Science from Beijing Institute of Technology)