Bitcoin Forum
January 19, 2020, 07:57:07 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Disclosure: Key generation vulnerability found on WalletGenerator.net  (Read 78 times)
409H
Newbie
*
Offline Offline

Activity: 1
Merit: 2


View Profile
May 24, 2019, 02:14:39 PM
Last edit: May 24, 2019, 03:01:28 PM by 409H
Merited by Avirunes (2)
 #1

⚠️ SECURITY ALERT ⚠️

After thorough investigation, we have reason to believe that anyone who has used a wallet from hxxp://WalletGenerator[.]net  from August 17 2018 and onward is at risk of losing their funds.

FULL DETAILS: https://medium.com/mycrypto/disclosure-key-generation-vulnerability-found-on-walletgenerator-net-potentially-malicious-3d8936485961

TL;DR
Who is affected: Anyone who has put funds in a public/private key generated via WalletGenerator.net after August 17, 2018.
When: August 17, 2018 — Huh. While the malicious behavior is not presently found as of May 24, 2019, it could be reintroduced at any point.
What happened: There were changes to the code being served via WalletGenerator.net that resulted in duplicate keypairs being provided to users. These generated keypairs were also potentially stored server-side.
What you should do if you are affected: Securely create a new keypair / wallet and move your funds to that new, secure address. Some folks have recommended using bitaddress (offline) via https://github.com/pointbiz/bitaddress.org.
1579420627
Hero Member
*
Offline Offline

Posts: 1579420627

View Profile Personal Message (Offline)

Ignore
1579420627
Reply with quote  #2

1579420627
Report to moderator
1579420627
Hero Member
*
Offline Offline

Posts: 1579420627

View Profile Personal Message (Offline)

Ignore
1579420627
Reply with quote  #2

1579420627
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1579420627
Hero Member
*
Offline Offline

Posts: 1579420627

View Profile Personal Message (Offline)

Ignore
1579420627
Reply with quote  #2

1579420627
Report to moderator
TryNinja
Legendary
*
Offline Offline

Activity: 1260
Merit: 1755



View Profile
May 24, 2019, 04:17:10 PM
Merited by Avirunes (1)
 #2

Well, people shouldn’t be using online websites nor remain connected to the internet when generating a paper wallet. The point of it is that you have to download a safe and open source generator and run it in an airgapped machine. When you do that in a .org website, you can’t actually be sure about what is happening behind the scenes.

Thanks for the warning tho. I remember I’ve used this paper wallet generator multiple times in the past years. Thankfully, I only hold my coins on a hardware wallet now.

Avirunes
Legendary
*
Offline Offline

Activity: 1638
Merit: 1275



View Profile WWW
May 24, 2019, 04:58:47 PM
 #3

Never thought that there would be a way to cross the users like this. Gotta turn on my habit of offline generation of address from now onwards. I wonder why there wasn't any announcements regarding the site being sold especially if many users trust the sites to generate wallets.

smartmixer.io▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
.Make your Cryptos untraceable!.
(( ███████ ((    TELEGRAM    )) ███████ ))
▄▄███████▄▄
▄███████▀███████▄
▄███▀▀▀ ▄▄▄ ▀▀▀███▄
▄███ ▄▀▀▀   ▀▀▀▄ ███▄
████ █  ▄   ▄█ █ ████
████▌▐▌ ▀█▄█▀ ▐▌▐████
▀████ ▀▄  ▀  ▄▀ ████▀
▀████▄ ▀▄▄▄▀ ▄████▀
▀█████▄▄ ▄▄█████▀
▀▀███████▀▀
.
NO LOGS
▄▄███████▄▄
▄██████▀▀▀██████▄
▄█████▀ ▄▄▄ ▀█████▄
▄██████ ▀   █ ██████▄
███████   █▀  ███████
████████▄ ▄ ▄████████
▀████▀         ▀████▀
▀███   ▄   ▄   ███▀
▀███████████████▀
▀▀███████▀▀
.
NO SIGN-UP
▄▄███████▄▄
▄███████████████▄
▄███████▀   ▀█████▄
▄████▀  ▀      █████▄
████     ▄▀▄  ▀ ▀████
███    ▄▀▄ ▄▀▄    ███
▀███▄▄  ▀█ █▀   ▄███▀
▀████████ ████████▀
▀███████████████▀
▀▀███████▀▀
.

70% COMSN
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
MIX NOW!
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!