WalletGenerator.net has been one of the easiest ways to create a crypto address. However, the simplicity could come at a cost according to one security researcher. Harry Denley, a security researcher with MyCrypto.com, posted a detailed Medium post outlining vulnerabilities he discovered on the site\u2019s code. WalletGenerator is a website that generates paper wallets for over 190 cryptocurrencies. However, according to Denley, he noticed an irregularity after the site changed ownership. The code being served via the WalletGenerator.net URL did not match the code on its GitHub repository. Henley, together with a group of security researchers conducted an extensive research and found that the site is giving the same key to multiple users. They informed the owners of the site who according to the post, \u201cresponded by stating that they were unable to verify our claims and asking if we were perhaps on a phishing website.\u201d The researchers at one time used the \u201cBulk Wallet\u201d generator to generate 1,000 unique keys. In the GitHub version, the 1,000 keys that were generated were unique as they expected. They then added: \u201cHowever, using WalletGenerator.net at various times between May 18, 2019\u200a\u2014\u200aMay 23, 2019, we would only get 120 unique keys per session. Refreshing our browser, switching VPN locations, or having a different party perform the same test would result in a different set of 120 keys being generated.\u201d The implications could be far reaching, the report stated. This is especially so for those users that used the service between after August 17, 2018. Henley warned, \u201cFor now, we\u2019ll reiterate again: If you\u2019ve generated a public\/private keypair with WalletGenerator.net from August 17, 2018, and beyond, you need to move your funds to a new, secure wallet immediately. We do not recommend using WalletGenerator.net moving forward, even if the code at this very moment is not vulnerable.\u201d Henley further warned that currently, his team hadn\u2019t been able to figure out if the current owners of the site are behind the malicious activities, if the servers being used have been compromised, or both.