WalletGenerator, a service for generating and printing private and public keys for storing cryptocurrency, had a critical vulnerability that put at risk users who created paper crypto wallets with it after August 17, 2018. Decrypt reported this, citing the findings of analysts at MyCrypto.
According to them, the service's ability to create "randomized" key pairs, which is key to the cryptographic protection of users' assets, turned out to be a fiction.
To generate keys, WalletGenerator used images that it created itself. Consequently, an attacker who has access to the data of these images can easily reproduce the private and public keys owned by users.
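The weakness described above can be seen in a short audit script. This is an added example, not WalletGenerator's or MyCrypto's code: the class names, the SHA-256 derivation and the sample image bytes are assumptions chosen to model a generator whose only input is a server-supplied image, compared with one that draws from the local operating system's CSPRNG.

```python
import hashlib
import secrets
from collections import Counter


class ServerSeededGenerator:
    """Flawed model: the only 'entropy' is an image supplied by the server."""

    def __init__(self, image_bytes: bytes):
        self.seed = hashlib.sha256(image_bytes).digest()
        self.counter = 0

    def next_key(self) -> str:
        # Toy derivation (assumption): key = SHA-256(seed || counter).
        self.counter += 1
        data = self.seed + self.counter.to_bytes(4, "big")
        return hashlib.sha256(data).hexdigest()


class LocalCsprngGenerator:
    """Sound model: every key comes from the operating system's CSPRNG."""

    def next_key(self) -> str:
        return secrets.token_bytes(32).hex()


def audit(make_generator, sessions: int = 20, keys_per_session: int = 5) -> dict:
    """Simulate independent users and count keys that more than one of them got."""
    seen = Counter()
    for _ in range(sessions):
        gen = make_generator()  # fresh page load / fresh user
        seen.update({gen.next_key() for _ in range(keys_per_session)})
    return {
        "generated": sessions * keys_per_session,
        "unique": len(seen),
        "shared": sum(1 for n in seen.values() if n > 1),
    }


# Constructed sample input standing in for a server-created image.
SAMPLE_IMAGE = b"\x89PNG constructed placeholder image bytes"

if __name__ == "__main__":
    print("server-seeded:", audit(lambda: ServerSeededGenerator(SAMPLE_IMAGE)))
    print("local CSPRNG: ", audit(LocalCsprngGenerator))
```

Any key that shows up in more than one simulated session means the generator's output is determined by something other than local randomness, which is the condition the analysts describe.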
MyCrypto Security Director Harry Denley called the discovered bug “exceptional” because it went unnoticed for a long time.
“Usually, malicious key generators send the user's secret information back to their server,” he said, adding that the approach WalletGenerator used allowed the service not to leave such traces. “Considering such an unexpected turn of events, we still do not know whether the site owner is an attacker, or the server itself is insecure, or both options are correct.”
After Denley contacted the site owners, on May 22, the vulnerability was mysteriously eliminated. It originally appeared as a result of a “code change” made last August.
Denley recommends that WalletGenerator users immediately transfer funds from paper wallets to new secure addresses. The WalletGenerator service is quite popular among users – according to SimilarWeb, its monthly user base is about 140,000 people.
Publication date 26.05.2019
