Why Bitcoin Paper Wallets Are BAD
A researcher from the storage service MyCrypto Harry Denley discovered a serious error in the open source WalletGenerator, an online cryptocurrency wallet generator, which led to the issuance of the same private and public keys to different users.
According to the report, the crash occurred after an update on August 17, 2018, when at some point in time, the actual code on the website no longer matched the one posted on GitHub. After examining the differences, Harry Denley discovered that the real version of the service generates keys in a deterministic, not random way..
During the tests, the researcher created 1000 keys using both versions of the code. The addresses generated using the variant from GitHub were 100% unique, but for the current version on WalletGenerator this figure was only 12%. At the same time, after updating the browser, activating the VPN and changing the user, new sets of 120 keys were also beaten..
After a representative of MyCrypto contacted WalletGenerator, the project developers fixed the error. However, Harry Denley recommends to users who have used the generator from mid-August, move your assets to other addresses. He also does not exclude the emergence of new or the return of the same problem in the future due to the inattentive attitude of the developers to their side project..
According to SRLabs research, a third of Ethereum nodes use vulnerable client software, thereby putting the entire cryptocurrency network at risk of being hacked..
text: Ivan Malichenko, photo: tc logiciel libre