Beware of crypto wallet vulnerability. If you used a private key from WalletGenerator.net after the 17th of August 2018, it is best you pull out your funds NOW! Security researcher Harry Denley has evidence to back up his belief that there is malicious activity taking place with the paper wallet site.
Crypto Wallet Vulnerability
Paper wallet sites such as WalletGenerator.net are useful and easy to use tools for users to generate private or public keys. Nevertheless, such interfaces are prone to vulnerabilities when it comes to the original key source. Such vulnerabilities come as a result of websites being malicious and secretive from within or from hackers attacking the site. Therefore, just like in this case; in the event of crypto wallet vulnerability, large amounts of user funds are left vulnerable to theft.
WalletGenerator.net – What is a paper wallet?
Paper wallets are offline tools for storing Bitcoin. One has to literally print their Bitcoin addresses and private keys on paper, hence the name. They are basically like physical wallets, and are considered to be one of the safest ways to keep your Bitcoin safe.
WalletGenerator is a well-known website that generates paper wallets for many different cryptocurrencies such as; Bitcoin, Ethereum, Litecoin and many more. The code on the website is to be an open-source code and audited and matched the one on Github.
How did the Crypto Wallet Vulnerability come about?
The cryptocurrency wallet platform, known as MyCrypto.com, published an article on Medium; that explains the investigation of WalletGenerator.com that started in August last year. According to MyCrypto.com’s researcher, Harry Denely; WalletGenerator’s original open source code was the same as the online code on Github as it is meant to be; until August 17, 2018. At this point, the codes were no longer matching, and hence, the investigations commenced. Analysing this strange mismatch, it appeared that WalletGenerator.com could be distributing the same key to several different users. To check the accuracy of this possibility, Harry Denley made some comparisons and got some interesting results.
According to the post on Medium, that explains the crypto wallet vulnerability as it happened; in their analysis between the dates; May 18 and May 23rd, they tried to make 1000 keys using the website’s bulk generator. From Github 1000, unique keys were returned; however, the live code returned only 120 keys. The report indicates that while running the bulk generator with any altered factors; it always returned 120 unique keys instead of 1000 unique keys. In a nutshell, the result was always the same even after; refreshing the browser, changing user, changing VPN, as well as changing any other factors. This also showed that it was not the code on Github that was the problem.
Therefore, it is not clear as to who or what is responsible for the crypto wallet vulnerability on site; or rather the code changes. Could it be the new owner? Could it be an external party? Who knows! Nevertheless, the security researcher Harry Denley according to the post; advises anyone who has used a key generated from WalletGenerator.com to move their funds to another secure crypto wallet.