WalletGenerator.net May Have Issued Compromised Paper Wallets Due to Malicious Code
Experts advise against creating private keys through any means while connected to the internet, as addresses may be compromised or copied.
WalletGenerator.net, one of the simplest ways of creating a paper wallet, may be compromised, and users are advised to move any funds held in wallets generated after August 17, 2018. In a long blog post, an independent expert explains how the generator, if used while connected to the internet, could issue compromised addresses.
So far, no loss of funds has been reported. Paper wallets are rarely used nowadays, having been displaced by hardware wallets, but wallet generation is still used for multiple coins.
The malicious code was injected after August 17 last year. As of May 24, no traces of the code were found, so it is unknown how long the wallet generator was compromised.
“There were changes to the code being served via WalletGenerator.net that resulted in duplicate keypairs being provided to users. These generated keypairs were also potentially stored server-side,” the analysis shows.
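The defect the analysis describes, repeated keypairs handed out by a generator, is something a user can test for offline before trusting any key generator. The following is an added example written for this article, not code from WalletGenerator.net or from the analysis: it samples a generator function repeatedly and fails it if any key is served twice or if the keys carry far too little randomness. The three generator functions are constructed stand-ins for the demonstration.

```python
import secrets
from collections import Counter

KEY_BYTES = 32                         # secp256k1 private key length
EXPECTED_WEIGHT = KEY_BYTES * 8 / 2    # mean set bits in a uniform 256-bit key


def audit_keygen(keygen, samples=2000, weight_tolerance=4.0):
    """Sample keygen() repeatedly and report whether its output looks sound.

    keygen() must return a KEY_BYTES-long private key. The audit fails if
    any key is returned more than once (the duplicate-keypair defect
    reported for WalletGenerator.net) or if the mean number of set bits is
    far from 128, which betrays keys built from too little randomness.
    The standard deviation of the mean weight over 2000 uniform keys is
    about 0.18 bits, so a tolerance of 4 bits is very loose.
    """
    keys = [keygen() for _ in range(samples)]
    if any(len(k) != KEY_BYTES for k in keys):
        raise ValueError("every key must be %d bytes" % KEY_BYTES)
    counts = Counter(keys)
    max_repeats = counts.most_common(1)[0][1]
    mean_weight = sum(bin(int.from_bytes(k, "big")).count("1")
                      for k in keys) / samples
    return {
        "distinct": len(counts),
        "max_repeats": max_repeats,
        "mean_weight": mean_weight,
        "ok": max_repeats == 1
              and abs(mean_weight - EXPECTED_WEIGHT) <= weight_tolerance,
    }


# Constructed generators for the demonstration (assumptions, not real code).
def sound_keygen():
    """A proper offline generator: 32 bytes from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


_POOL = [secrets.token_bytes(KEY_BYTES) for _ in range(5)]


def duplicating_keygen():
    """Serves keys from a tiny fixed pool, so users receive the same keypair."""
    return secrets.choice(_POOL)


def low_entropy_keygen():
    """Keys that rarely repeat in a small sample but carry only 32 random bits."""
    return b"\x00" * (KEY_BYTES - 4) + secrets.token_bytes(4)


if __name__ == "__main__":
    for name, gen in [("sound", sound_keygen), ("duplicating", duplicating_keygen),
                      ("low-entropy", low_entropy_keygen)]:
        print(name, audit_keygen(gen))
```

A generator that passes this audit is not thereby proven safe (a backdoored page can still copy a perfectly random key to its server, as the analysis also warns), which is why the check belongs on an offline copy.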
Seed or private key generation has been one of the attack vectors against wallets. In the past, similar vulnerabilities have allegedly been found in the Coinomi wallet, as well as in other randomness generators for various coins. Web-based wallets are also generally suspect.
One of the most serious wallet-based thefts happened to the Bitcoin Gold (BTG) community, where malicious code was injected through the project's official GitHub page. All wallets generated from that code were compromised, giving the attacker access to drain the funds.
WalletGenerator.net is still operational and produces private-public key pairs from random data. However, users are advised not to use the page, since malicious code could be injected at any moment.
Hardware wallets remain one of the best protectors of private keys, although some vulnerabilities are still possible. In general, access to open-source GitHub projects is one of the ways a malicious actor could tamper with almost any wallet. Cloned copies of MyEtherWallet are also among the most common scams, although they have slowed somewhat in 2019.