Researcher warns users of WalletGenerator.net their funds are at risk

Getting your Trinity Audio player ready...

WalletGenerator.net has been one of the easiest ways to create a crypto address. However, the simplicity could come at a cost according to one security researcher. Harry Denley, a security researcher with MyCrypto.com, posted a detailed Medium post outlining vulnerabilities he discovered on the site’s code.

WalletGenerator is a website that generates paper wallets for over 190 cryptocurrencies. However, according to Denley, he noticed an irregularity after the site changed ownership. The code being served via the WalletGenerator.net URL did not match the code on its GitHub repository.

Henley, together with a group of security researchers conducted an extensive research and found that the site is giving the same key to multiple users. They informed the owners of the site who according to the post, “responded by stating that they were unable to verify our claims and asking if we were perhaps on a phishing website.”

The researchers at one time used the “Bulk Wallet” generator to generate 1,000 unique keys. In the GitHub version, the 1,000 keys that were generated were unique as they expected. They then added:

“However, using WalletGenerator.net at various times between May 18, 2019 — May 23, 2019, we would only get 120 unique keys per session. Refreshing our browser, switching VPN locations, or having a different party perform the same test would result in a different set of 120 keys being generated.”

The implications could be far reaching, the report stated. This is especially so for those users that used the service between after August 17, 2018.

Henley warned, “For now, we’ll reiterate again: If you’ve generated a public/private keypair with WalletGenerator.net from August 17, 2018, and beyond, you need to move your funds to a new, secure wallet immediately. […] We do not recommend using WalletGenerator.net moving forward, even if the code at this very moment is not vulnerable.”

Henley further warned that currently, his team hadn’t been able to figure out if the current owners of the site are behind the malicious activities, if the servers being used have been compromised, or both.