- The analysis revolves around WalletGenerator’s original open-source code.
- The researcher advised removing funds from WalletGenerator-based paper wallets.
Harry Denley, a security researcher from MyCrypto.com, has recently posted a brief analysis of popular paper wallet site “WalletGenerator.net.” The core of the analysis revolves around WalletGenerator’s original open-source code. The online code matched the open-source code and it generated wallets using a client-side technique that took in real random entropy and produced a unique wallet until August 17, 2018.
As per Denley:
“Approaching from a different angle, we then used the “Bulk Wallet” generator to generate 1,000 keys. In the non-malicious, GitHub version, we are given 1,000 unique keys, as expected.
However, using WalletGenerator.net at various times between May 18, 2019 -May 23, 2019, we would only get 120 unique keys per session. Refreshing our browser, switching VPN locations, or having a different party perform the same test would result in a different set of 120 keys being generated.”
Denley highly recommends moving funds off of your WalletGenerator-based paper wallets:
“We’re still considering this highly suspect and still recommending users who generated public/private keypairs after August 17, 2018, to move their funds. We do not recommend using WalletGenerator.net moving forward, even if the code at this very moment is not vulnerable.”
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility.