Author

Topic: Disclosure: Key generation vulnerability found on WalletGenerator.net (Read 170 times)

legendary
Activity: 3094
Merit: 1472
Never thought that there would be a way to cross the users like this. Gotta turn on my habit of offline generation of address from now onwards. I wonder why there wasn't any announcements regarding the site being sold especially if many users trust the sites to generate wallets.
legendary
Activity: 2758
Merit: 6830
Well, people shouldn’t be using online websites nor remain connected to the internet when generating a paper wallet. The point of it is that you have to download a safe and open source generator and run it in an airgapped machine. When you do that in a .org website, you can’t actually be sure about what is happening behind the scenes.

Thanks for the warning tho. I remember I’ve used this paper wallet generator multiple times in the past years. Thankfully, I only hold my coins on a hardware wallet now.
newbie
Activity: 7
Merit: 4
⚠️ SECURITY ALERT ⚠️

After thorough investigation, we have reason to believe that anyone who has used a wallet from hxxp://WalletGenerator[.]net  from August 17 2018 and onward is at risk of losing their funds.

FULL DETAILS: https://medium.com/mycrypto/disclosure-key-generation-vulnerability-found-on-walletgenerator-net-potentially-malicious-3d8936485961

TL;DR
Who is affected: Anyone who has put funds in a public/private key generated via WalletGenerator.net after August 17, 2018.
When: August 17, 2018 — Huh. While the malicious behavior is not presently found as of May 24, 2019, it could be reintroduced at any point.
What happened: There were changes to the code being served via WalletGenerator.net that resulted in duplicate keypairs being provided to users. These generated keypairs were also potentially stored server-side.
What you should do if you are affected: Securely create a new keypair / wallet and move your funds to that new, secure address. Some folks have recommended using bitaddress (offline) via https://github.com/pointbiz/bitaddress.org.
Jump to: