A Reddit user has become the latest example of why crypto users should be more careful when using wallet generators — after the user lost a few thousand dollars worth of Bitcoin (BTC) from their “secure” paper wallet.
On July 24, a Redditor by the name /jdmcnair posted on the r/Bitcoin subreddit, asking for an explanation on how a hacker could have been able to steal over $3,000 worth of Bitcoin from their supposedly secure paper wallet — which was even generated on an offline computer.
The Redditor’s Bitcoin wallet address shows an outgoing transaction of 0.12 BTC. Source: Blockchain.com
“I was doing self-custody, generated my key and printed it on paper on an offline computer, transferred my BTC to this offline wallet, and kept it stored in a safe that only I have the key for,” the user wrote.
Unpopular crypto opinion: the fact that wallet generators can be cracked and people can lose their funds with no recourse is terrifying. I’m going to tell you what I believe to be the answer, and I know the “make everything decentralized†crew will hate it
— Jesse Hynes (@jesse_hynes) April 25, 2023
In an update to his initial post, the Redditor revealed that they used the wallet creation tool walletgenerator.net to create their wallet’s private keys, which some users highlighted have been infamous for vulnerabilities in the past.
Speaking to Cointelegraph, blockchain security firm CertiK’s director of security operations Hugh Brooks said users should think twice before using a crypto wallet generator.
Such online wallet generators have served as a viable hacking tool for a while now, Brooks said:
Paper wallet generators have been known to contain serious vulnerabilities since 2019, Brooks said, adding that if anyone has generated wallets using walletgenerator.net then it’s likely “the same keys have been given to different users.”
The Profanity wallet generator exploit was a textbook example of this security vulnerability which led to the $160 million hack on algorithmic market maker Wintermute in September.
The solution is simple, according to Brooks. Users wanting safe crypto storage should use a “trusted hardware wallet provider such as Ledger and Trezor.”
Almost $1M in crypto stolen from vanity address exploit
The Redditor was baffled as to why the exploiter waited over 12 months to exploit the funds, prompting another to offer a possible explanation.
With a sudden increase in long-dormant Bitcoin wallets waking up — many with funds in the millions — some pundits think it’s due to wallet generators being hacked.
Hackers managed to snatch over $300 million in Q2 2023, according to CertiK, a 58% decline from the same period last year.
$3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story