SALES, RENTALS & LAYAWAYS

PROTECTING EVERYTHING THAT HAS EVER BEEN OF VALUE TO YOU

Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

Researcher Discovers Serious Vulnerability In Paper Crypto Wallet Site (#GotBitcoin?)

A security researcher from MyCrypto.com, Harry Denley, has posted a detailed – and damning – analysis of paper wallet site WalletGenerator.net. Researcher Discovers Serious Vulnerability In Paper Crypto Wallet Site (#GotBitcoin?)

Researcher Discovers Serious Vulnerability In Paper Crypto Wallet Site (#GotBitcoin?)

The core of the analysis hinges on WalletGenerator’s original open-source code, available here. Until August 17, 2018 the online code matched the open-source code and the entire project generated wallets using a client-side technique that took in real random entropy and produced a unique wallet. But sometime after that date the two sets of code stopped matching.

The result? The very real possibility that WalletGenerator is giving the same keys to multiple users. To test this, MyCrypto’s researcher ran the generator in bulk and got some odd results.

“Approaching from a different angle, we then used the “Bulk Wallet” generator to generate 1,000 keys. In the non-malicious, GitHub version, we are given 1,000 unique keys, as expected.

However, using WalletGenerator.net at various times between May 18, 2019 — May 23, 2019, we would only get 120 unique keys per session. Refreshing our browser, switching VPN locations, or having a different party perform the same test would result in a different set of 120 keys being generated.”

While the odd behavior was not found as of last Friday (May 24), it could be return at any time.

“We’re still considering this highly suspect and still recommending users who generated public / private keypairs after August 17, 2018, to move their funds,” the researcher says. “We do not recommend using WalletGenerator.net moving forward, even if the code at this very moment is not vulnerable.”

You can read the entire report here, but Denley recommends moving funds off of your WalletGenerator-based paper wallets. As there is no clear way to contact the “two random guy [sic] having fun with a side project” who apparently run the site, we can safely recommend you avoid the site altogether. Researcher Discovers Serious Vulnerability, Researcher Discovers Serious Vulnerability

 

Related Articles:

Online Privacy Tools and Tips

First American Financial Leaks Hundreds Of Millions Of Title Insurance Records (#GotBitcoin?)

Ex-Intelligence Analyst Charged With Leaking Classified Information

Google To Launch New Privacy Tools To Limit Cookies

Google Vs Duckduckgo | Search Engine Manipulation, Censorship And Why You Should Switch (#GotBitcoin?)

Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)

Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users (#GotBitcoin?)

Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)

Advertisers Allege Facebook Failed to Disclose Key Metric Error For More Than A Year (#GotBitcoin?)

Ad Agency CEO Calls On Marketers To Take Collective Stand Against Facebook (#GotBitcoin?)

Thieves Can Now Nab Your Data In A Few Minutes For A Few Bucks (#GotBitcoin?)

New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)

Equifax, FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)

Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Lithuanian Man Pleads Guilty In $100 Million Fraud Against Google, Facebook (#GotBitcoin?)

Hack Alert! Buca Di Beppo, Owned By Earl Enterprises Suffers Data Breach Of 2M Cards (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply