BSV
$69.25
Vol 140.12m
4.13%
BTC
$97489
Vol 53207.93m
-1.93%
BCH
$502.97
Vol 1809.21m
3%
LTC
$97.95
Vol 2745.56m
7.83%
DOGE
$0.42
Vol 24335.24m
4.71%
Getting your Trinity Audio player ready...

WalletGenerator.net has been one of the easiest ways to create a crypto address. However, the simplicity could come at a cost according to one security researcher. Harry Denley, a security researcher with MyCrypto.com, posted a detailed Medium post outlining vulnerabilities he discovered on the site’s code.

WalletGenerator is a website that generates paper wallets for over 190 cryptocurrencies. However, according to Denley, he noticed an irregularity after the site changed ownership. The code being served via the WalletGenerator.net URL did not match the code on its GitHub repository.

Henley, together with a group of security researchers conducted an extensive research and found that the site is giving the same key to multiple users. They informed the owners of the site who according to the post, “responded by stating that they were unable to verify our claims and asking if we were perhaps on a phishing website.”

The researchers at one time used the “Bulk Wallet” generator to generate 1,000 unique keys. In the GitHub version, the 1,000 keys that were generated were unique as they expected. They then added:

“However, using WalletGenerator.net at various times between May 18, 2019 — May 23, 2019, we would only get 120 unique keys per session. Refreshing our browser, switching VPN locations, or having a different party perform the same test would result in a different set of 120 keys being generated.”

The implications could be far reaching, the report stated. This is especially so for those users that used the service between after August 17, 2018.

Henley warned, “For now, we’ll reiterate again: If you’ve generated a public/private keypair with WalletGenerator.net from August 17, 2018, and beyond, you need to move your funds to a new, secure wallet immediately. […] We do not recommend using WalletGenerator.net moving forward, even if the code at this very moment is not vulnerable.”

Henley further warned that currently, his team hadn’t been able to figure out if the current owners of the site are behind the malicious activities, if the servers being used have been compromised, or both.

Recommended for you

David Case gets technical with Bitcoin masterclass coding sessions
Whether you're a coding pro or a novice, David Case's livestream sessions on the X platform are not to be...
November 21, 2024
NY Supreme Court’s ruling saves BTC miner Greenidge from closing
However, the judge also ruled that Greenidge must reapply for the permit and that the Department of Environmental Conservation has...
November 20, 2024
Advertisement
Advertisement
Advertisement