We are not hiding anything.
We are sorry if something doesn’t make sense. When we were creating keys for VIBGYOR we were (don’t remember what other soft gen) but we were looking to generate 1O (1Orange) for the first coins in the series. That’s all we remember the real reason for change of key gen solution.
And moved from bitaddress to walletgenerator. That’s what we meant that we unluckily changed software.
We took some time because it was 1 am last night until we were responding to messages.
Then we woke and went to work (day job). Then we came back and checked as much history as possible and we researched as much as possible and researched only to realize that walletgenerator is compromised.
But we are not hiding anything.
We didn’t answer because we weren’t sure how this happened but as soon as possible we had time we responded.
Seavodin you have bought few coins from us, what does your heart say? Did we really do something intentionally?
What do your interactions with us say? Will we hide something or make up something?
Do you not think we are always helpful and caring as much as possible?
We are humans and yes a mistake is made for VIBGYOR series.
I don't think anyone here truly thinks you did this maliciously - you would be financially hurting yourself and your brand. It wouldn't make any sense and you would have just ghosted out of the community. But when any sort of a security leak happens, the person or entity involved typically tries to spin things in a way to take as little accountability as possible, and preserve as much trust from society as possible (it could happen to anyone right? just bad luck). This is why the sharing of information immediately is so vital, so your customers within this community can do an independent sort of 'audit' as opposed to you just investigating yourself. As mentioned by other members, there are quite a few engineers/programmers/technically savvy people on the board who can not only assist but verify claims. This is good for you and good for the community.
When information isn't provided immediately, my first reaction is that the person/entity is playing for time and trying to spin the facts. I'm not saying that that was what you were necessarily doing here, but your actions up to that point seemed to indicate it. I appreciate your longer form responses later on, as it lets people understand a bit more about what was going on as opposed to having to speculate, like I did. Perhaps part of this is a language barrier thing, or a PR response kind of issue.
I think Raghavsood provided the missing information here, which clears up how this occurred:
Based on a discussion I had with the team separately earlier today, they opened the website on the computer, before removing the internet connection and generating the keys.
It does not appear that the tool was built from source.
Unfortunately, that does make it extremely hard to validate anything more - even with a date range to work with, past investigations into walletgenerator knock-offs and scams have shown some degree of sophistication in serving "Good" generators to some IPs, and bad seeds to others. Without the original page used by the team to generate the keys being saved and available, it isn't really possible to look further.
Presumably, the backdoor took the same form as the one described in the previously linked reports in this thread - the page was seeded with bad random data which was saved by the attackers, and they've simply been biding their time for a few years before sweeping to let the pot grow. This matches the on-chain evidence as well.
If this is accurate, then the breach occurred because:
- Using a computer that was not air gapped (was connected to the internet which allowed loading of the malicious website)
- Getting the software supplied by this .net website, and not downloading it from github
- Removing the internet connection did not secure key generation, as the website had already served up code that had an entropy seed value known to the attackers
This contradicts some of the information supplied earlier, but makes sense how this attack occurred.
The original explanations did not make sense in how the attack was perpetrated, and that was what I was trying to clear up.
Without a clear root cause on the issue, not only could you fall into this trap again (or more likely a variation of it) - but others could as well.
I would like to say that I am a fan of RC's designs and own several coins. I do not benefit from attacking his team, as it lowers the value of my collectibles and potentially stops a newer maker from creating new coins: something I support. I've supported this in the past by pre-ordering RC's LC V2 coins prior to this event occurring.
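The quoted point about "Good" generators going to some IPs and bad ones to others is why a page that looks clean from one machine proves little. This added example (not from the thread or from any generator project) hashes saved copies of a page captured from several vantage points and compares them with a copy built from the public source. The function names, vantage labels and page contents are constructed assumptions.

```javascript
const crypto = require("node:crypto");

const sha256 = (bytes) => crypto.createHash("sha256").update(bytes).digest("hex");

// Constructed sample data: stand-ins for saved copies of a key-generator page.
// REFERENCE plays the role of a copy built from the public source repository.
const REFERENCE = Buffer.from("<script>/* constructed: generator v1 */</script>");
const COPIES = [
  { vantage: "home-isp", bytes: Buffer.from("<script>/* constructed: generator v1 */</script>") },
  { vantage: "vpn-exit", bytes: Buffer.from("<script>/* constructed: generator v1 */</script>") },
  { vantage: "maker-pc", bytes: Buffer.from("<script>/* constructed: generator v1, altered */</script>") },
];

// Hash every captured copy, group vantage points by digest, and list the
// vantage points whose copy differs from the source-built reference.
function auditCopies(referenceBytes, copies) {
  const referenceDigest = sha256(referenceBytes);
  const variants = new Map(); // digest -> vantage points that received it
  const mismatched = [];
  for (const { vantage, bytes } of copies) {
    const digest = sha256(bytes);
    if (!variants.has(digest)) variants.set(digest, []);
    variants.get(digest).push(vantage);
    if (digest !== referenceDigest) mismatched.push(vantage);
  }
  return {
    referenceDigest,
    distinctVariants: variants.size,
    // More than one variant means different visitors were served different pages.
    selectiveServing: variants.size > 1,
    mismatched,
  };
}

// Only a copy that was actually captured and matches the reference passes.
function safeToUse(report, copies, vantage) {
  const captured = copies.some((c) => c.vantage === vantage);
  return captured && !report.mismatched.includes(vantage);
}

const report = auditCopies(REFERENCE, COPIES);
console.log(report, safeToUse(report, COPIES, "maker-pc"));
```

The check only works if the exact bytes used for key generation were saved, which is the gap the quoted message points out.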